#evilginx — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #evilginx, aggregated by home.social.

  1. @emilion in infosec.exchange/@emilion/1165: you misunderstand me. My point is that Scott's article is yet another one in a long row that reads like an advertisement.

    I am not insisting that FIDO or whatever organisation fixes things (regardless whether that is something they can do or not): I am asking for USEFUL information for users to evaluate advantages and their risks.

    A similar example: #TOTP was (and still is) being heavily promoted because people use (and reuse) extremely weak passwords. TOTP does *NOT* fix that problem (apart from the shit that we got, e.g. today's heise.de/en/news/Microsoft-Aut).

    Effectively people are told to use a password manager (the TOTP app) to fix ANOTHER problem, and nobody tells them to make backups of shared secrets (leading to account lockout). #Phishing is likely the biggest problem on the Internet, while TOTP does not fix that (and no, #Evilginx is no longer considered a "sophisticated" attack, from 2019: techcommunity.microsoft.com/bl).

    People who lose trust in security pros who state "just use this tech, it's great" are right. We need to do a better job.

    @ScottHelme

    #Passkeys #PasskeyRisks #Passwords #PasswordRisks #PasswordManager #AuthenicatorApps #MicrosoftAuthenticator

  5. 🪝 US universities hit by a major phishing wave using more than seventy fake domains plus an Evilginx kit that bypasses MFA posing serious credential theft risk.

    Read: hackread.com/us-universities-d

    #Cybersecurity #Phishing #Infosec #Evilginx #EducationSector

  6. Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.

    Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.

    We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.

    Here is a short blog about the campaign and actor, including involved domains and IPs.

    blogs.infoblox.com/threat-inte

    #InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login

  7. So #evilginx is a MITM attack that is used to steal login credentials and hijack the session cookie. How can this be mitigated outside of providing users with a physical token? #MFA #MITM #FIDO2

  8. Life has felt a bit less hectic these last few months and I feel at peace with some things I won’t go into. With that, I’ve been able to restructure what I want to focus on with a more narrow scope without my mind feeling as chaotic.
    Some things I’m starting / want to start soon:
    Read the Psychology of Intelligence Analysis
    Revisit learning #Go mainly for HTTP utilities
    Learn #Evilginx and #GoPhish (apply Golang knowledge here) to get a deeper understanding of #phishing threats on both offensive and defensive side.
    Read more in general— this #cti paper was very insightful tandfonline.com/doi/full/10.10

    This still appears to be somewhat broad scoped but it helps build a structure.

  9. A Bit of Security for Jan 30, 2024
    How can you prove you are who you say you are when you’re talking to a computer? Listen to this -
    youtu.be/HBHs191WD08
    Let me know what you think at [email protected]

    #cybersecuritytips #evilginx #MFA #phishing #BitofSec

  10. A new approach to Browser In The Browser (#BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like #Microsoft and the use with #Evilginx. : github.com/waelmas/frameless-b

  11. Kuba @mrgretzky is building an awesome community around Evilginx at Breakdev Red.

    I 😍 the hilarious response I received for my whoami post 😂

    #evilginx #community #entraid

  12. It's crazy how even multi-factor authentication can be bypassed by stealing the Auth Cookie for a session with #evilginx. Being more vigilant of domain names is a must nowadays, especially when landing pages can be made nearly similar to the official pages from sites you visit.

    I have mixed feelings about #evilginx being #OpenSource. On one hand, it's good that it's open source and knowledge of such #exploit methods is thoroughly known, but on the other hand it also makes it easier for more people to have a chance at doing sophisticated #phishing attacks by presenting it as an easy-to-install binary with an accompanying course on how to set up the configs properly.

    youtu.be/sZ22YulJwao
    github.com/kgretzky/evilginx2

  13. Looking at the GitHub issues on #evilginx, the progressive changes to `ISSUE_TEMPLATE.md` and how the vast majority of issues still fully ignore it have convinced me that I never, ever want any red-team tool I ever write to reach any kind of notoriety or visibility in the public consciousness.

    I think the inclusion of any tool I write into a release of #Kali would probably have me remove the damn thing from github 🙃

    I feel for the author 🫠

    github.com/kgretzky/evilginx2

  14. For anyone at @BlueTeamCon who wants to understand why many forms of MFA are not phishing-resistant and why passkeys/FIDO2 are, tomorrow at 12:20pm during lunch in the #unconference room I’ll be delivering an impromptu session on #phishing resistant authentication, including a live demo of #evilginx.

    #BlueTeamCon #BlueTeam #blueteamcon2023 #mvpbuzz #infosec