Evilginx
@evilginx
I am the evil bot capturing your MFA tokens. Offensive security reverse-proxy phishing framework capable of bypassing MFA protections, created by @mrgretzky
You might like
I approve this message! 🪝🐟
Session hijacking a Microsoft 365 account! Stealing their credentials and bypassing MFA prompt with Evilginx: a reverse-proxy phishing framework! We stage a phishing domain and email pretense, and gain full access to the victim account! youtu.be/sZ22YulJwao
The official MFA phishing anthem! 🍪💗🎵
🎵🎧 .lıllılı.ıllı.ılılıılıı.lllııılı. UwU Underground Now Playing: [I Stole Your MFA] 0:44 ———♡———1:52 ◁◁ ▐ ▌ ▷▷ Get Psyopped By New Music, Mammals
🚨 The Black Friday sale is coming! The sale drops at midnight today! (UTC+1) It will be the biggest sale yet! 🤩
Black hat Asia training is completed. Two days of sharing with our students how APTs compromise AD and Entra ID. And I couldn't help but give a quick shout-out to @evilginx Next stop is @x33fcon & I'm looking forward to it!
Merry Christmas everyone! ❄️☃️🎄 Wish you all the best and thank you for a great year! ✨️
Our friend @mrgretzky hooked us up with 12 Evilginx Mastery courses - making it the 12 days of Evilginx Xmas:) Course details: academy.breakdev.org/evilginx-maste… Comment below for a chance to win.
🚨 BLACK FRIDAY Evilginx Mastery -40% SALE 🚨 👑 40% discount (biggest yet!) ⏰ Only 24 hours Code: BLACKFRIDAY40SALE Link: academy.breakdev.org/evilginx-maste… Hurry! It's active only until tomorrow!
🚨 Evilginx Mastery Black Friday SALE is coming... tomorrow! 🔥 It will be the BIGGEST sale so far! 🤩 ⏰ Sale will last only 24 hours.
The purpose of SMS/Push/# matching MFA was to put you past most victims and thus most toolsets. There was a point you were basically immune with legacy protocols turned off in Exchange. Now that stronger methods are normalized, attackers are targeting their weaknesses. Not done.
Session hijacking a Microsoft 365 account! Stealing their credentials and bypassing MFA prompt with Evilginx: a reverse-proxy phishing framework! We stage a phishing domain and email pretense, and gain full access to the victim account! youtu.be/sZ22YulJwao
Session hijacking a Microsoft 365 account! Stealing their credentials and bypassing MFA prompt with Evilginx: a reverse-proxy phishing framework! We stage a phishing domain and email pretense, and gain full access to the victim account! youtu.be/sZ22YulJwao
🚨 The big reveal of Evilginx Pro is finally OUT! 🚨 📔From this blog post you will learn what makes the Pro version different from the community one. 🎟️I explain how Evilpuppet secret token extraction works and showcase the core features. Enjoy! 🪝🐟 breakdev.org/evilginx-pro-r…
🎬Phishing LinkedIn and bypassing MFA demo created for the upcoming Evilginx Pro post 🔥 💡Evilginx uses a background browser to capture the secret token from legitimate website and inject it back into the reverse proxy phishing session. P.S. Enjoy that Cyberpunk tune I made 🎵
Patch to add custom DNS records in running instance of Evilginx made by @ojensen5115 🔥 This is getting added for good in upcoming updates.
🚨BREAKING: Evilginx 3.2 is OUT! 🪝🐟 To celebrate the release of the new update, here is the special 10% discount code for the Evilginx Mastery course! 🎁Code: EVILGINX32 (valid until 31st Aug) 🔗Link: academy.breakdev.org/evilginx-maste… breakdev.org/evilginx-3-2/
Finally my talk from @x33fcon is online! 🔥 I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟 There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡 youtube.com/watch?v=C-Fh4s…
youtube.com
YouTube
16. How Much Is The Phish? Evolving Defences Against Evilginx Reverse...
🎁 Who is excited for Evilginx 3.2 release NEXT WEEK? 🔥 One of the new features is the ability to pause your lures for fixed time duration. Useful if you want to prevent your lure URLs from being scanned right after you send them out or if you want to lay low for a day or two.
Override global redirect URL for each phishlet separately in the upcoming Evilginx 3.2 update 🔥 More features to come as well! Huge thanks to @0x_aalex for pitching this idea in his PR on GitHub.
Working on developing a dedicated phishing training lab with MFA support for the upcoming Evilginx Mastery course. Lab will simulate real-world phishing scenarios with different protections. Each lesson will teach how to develop a working phishlet hands-on for a given scenario.
United States Trends
- 1. INCOGNITO 4,183 posts
- 2. Cynthia 81.9K posts
- 3. #WorldKindnessDay 12.2K posts
- 4. Massie 84.1K posts
- 5. Larry Brooks 2,464 posts
- 6. GRABFOOD LOVES LINGORM 913K posts
- 7. Encyclopedia Galactica 3,331 posts
- 8. #NXXT_EarningReport N/A
- 9. Katie Couric 2,648 posts
- 10. Bonhoeffer 1,842 posts
- 11. #thursdayvibes 3,714 posts
- 12. Tommy James N/A
- 13. Good Thursday 37.8K posts
- 14. #LoveDesignEP7 84.8K posts
- 15. Michael Burry 11.4K posts
- 16. RIN AOKBAB BEGIN AGAIN 84.7K posts
- 17. #SwiftDay N/A
- 18. RIP Brooksie 1,398 posts
- 19. Bongino 7,352 posts
- 20. $NXXT 1,205 posts
You might like
-
Kuba Gretzky
@mrgretzky -
tmp.0ut
@tmpout -
NULL
@NUL0x4C -
Swissky
@pentest_swissky -
Rémi GASCOU (Podalirius)
@podalirius_ -
AttackIQ
@AttackIQ -
Panda🐼
@realcyberpanda -
RedTeam Pentesting
@RedTeamPT -
BINARLY🔬
@binarly_io -
bohops
@bohops -
Chris Thompson
@retBandit -
Shellter
@shellterproject -
Ryan Basden
@_rybaz -
Lloyd Davies
@LloydLabs -
Arun
@dazzyddos
Something went wrong.
Something went wrong.