evilginx Evilginx 2.4 - Gone Phishing "Gone Phishing" 2.4 update to your favorite phishing framework is here. May the phishing season begin!
pwndrop Pwndrop - Self-hosting Your Red Team Payloads Pwndrop is a self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
evilginx Evilginx 2.3 - Phisherman's Dream Welcome to 2019! As was noted, this will be the year of phishing automation. We've already seen a release of new reverse-proxy tool Modlishka and it is only January. This
evilginx Evilginx 2.2 - Jolly Winter Update Tis the season to be phishing! I've finally found some free time and managed to take a break to work on preparing a treat for all of you phishing enthusiasts
evilginx Evilginx 2.1 - The First Post-Release Update About 2 months ago, I've released Evilginx 2. Since then, a lot of you reported issues or wished for specific features. Your requests have been heard! I've finally managed to
evilginx Evilginx 2 - Next Generation of Phishing 2FA Tokens It's been over a year since the first release of Evilginx and looking back, it has been an amazing year. I've received tons of feedback, got invited to WarCon by
hacking Evilginx 1.1 Release Hello! Today I am bringing you another release of Evilginx with more bug fixes and added features. The development is going very well and the feedback from you is terrific.
hacking Evilginx 1.0 Update - Up Your Game in 2FA Phishing Welcome back! It's been just a couple of weeks since Evilginx release and I'm already swimming in amazing feedback. This encouraged me to spend more time on this project and
hacking Evilginx - Advanced Phishing with Two-factor Authentication Bypass Welcome to my new post! Over the past several months I've been researching new phishing techniques that could be used in penetration testing assignments. Almost every assignment starts with grabbing
hacking Sniping Insecure Cookies with XSS In this post I want to talk about improper implementation of session tokens and how one XSS vulnerability can result in full compromise of a web application. The following analysis
hacking How I Hacked an Android App to Get Free Beer Just recently I stumbled upon an Android app that lets you receive free products in various pubs, restaurants or cafes in exchange for points accumulated with previous purchases. When the
assembly Defeating Antivirus Real-time Protection From The Inside Hello again! In this post I'd like to talk about the research I did some time ago on antivirus real-time protection mechanism and how I found effective ways to evade
obfuscation Obfusion - C++ X86 Code Obfuscation Library After several weeks of research and having produced a proof-of-concept code in Python, I have finally found some time to code the obfuscation library in proper programming language. I have
x86 X86 Shellcode Obfuscation - Part 3 Hello and welcome back to the shellcode obfuscation series! If you've missed the previous episodes, take your time and catch up here: X86 Shellcode Obfuscation - Part 1 X86 Shellcode
x86 X86 Shellcode Obfuscation - Part 2 Welcome back to the series where I research the subject of shellcode obfuscation. If you missed the last episode, feel free to catch up by following this link: X86 Shellcode
x86 X86 Shellcode Obfuscation - Part 1 I decided to do research on shellcode obfuscation in order to see how hard it would be to develop a tool that can take any binary x86 shellcode and generate