Kuba Gretzky

Evilginx Creator

evilginx

Open source is dying.

Open source is dying a slow, painful death. For the time being, the AI-related issues in the open-source space have been largely attributed to the flood of AI-slop-generated code contributions, which human project maintainers were unable to process because the effort required to validate each contribution far exceeded the quality

evilginx Featured

Evilginx Pro 4.3 - Event Notifications & Proxies Overhaul

The newest 4.3 update delivers real-time event notifications, an overhaul of the tunnelling proxy system and a new CSS canary token evasion.

evilginx Featured

Evilginx Pro 4.2 - Anti-phishing evasions and more!

The latest update includes a complete proxy engine rewrite, new anti-phishing evasions, added support for new DNS providers, custom hostnames for lure URLs, better Gophish integration and more!

evilginx Featured

Evilginx Pro is finally here!

After over two years of development, Evilginx Pro reverse proxy phishing framework for red teams is finally live!

evilginx Featured

Evilginx 3.3 - Go & Phish

Evilginx 3.3 update is here and it comes packing with the special feature everyone has been waiting for.

evilginx

Evilginx Pro - The Future of Phishing

I've teased the idea of Evilginx Pro long enough and I think it is finally time to make a proper reveal of what it exactly is. Evilginx Pro will be a paid professional version of Evilginx, with extra features and added advanced reverse proxy anti-detection techniques, available only

breakdev

BREAKDEV RED - Red Team Community

Join the vetted Discord community, oriented around using Evilginx and ethical phishing, where everyone can safely share their phishing tips and tricks without worrying about them being misused by unknown parties.

evilginx

Evilginx 3.2 - Swimming With The Phishes

The new free update for the Evilginx phishing framework is OUT NOW! Enjoy the new features and improvements!

phishing

Evil QR - Phishing With QR Codes

Evil QR is a spin-off of a QRLJacking attack, demonstrating how attackers could take over accounts by convincing users to scan supplied QR codes, through phishing.

evilginx Featured

Evilginx 3.0 + Evilginx Mastery

I'm finally releasing the new update to Evilginx, together with Evilginx Mastery video course, created to teach you everything you need to know about reverse proxy phishing and using Evilginx in most efficient manner.

windows Featured

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

hacking

Hacked Discord - Bookmarklet Strikes Back

Discord accounts are getting hacked. This is my analysis of how most recent bookmarklet attacks work, with guidelines on what Discord can do to mitigate these attacks.

evilginx Featured

Evilginx 2.4 - Gone Phishing

"Gone Phishing" 2.4 update to your favorite phishing framework is here. May the phishing season begin!

pwndrop Featured

Pwndrop - Self-hosting Your Red Team Payloads

Pwndrop is a self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

evilginx

Evilginx 2.3 - Phisherman's Dream

Welcome to 2019! As was noted, this will be the year of phishing automation. We've already seen a release of new reverse-proxy tool Modlishka and it is only January. This release would not have happened without the inspiration I received from Michele Orru (@antisnatchor), Giuseppe Trotta (@Giutro) and

evilginx

Evilginx 2.2 - Jolly Winter Update

Tis the season to be phishing! I've finally found some free time and managed to take a break to work on preparing a treat for all of you phishing enthusiasts out there. Just in time for the upcoming holiday season, I present you the chilly Evilginx update. [Download

evilginx

Evilginx 2.1 - The First Post-Release Update

About 2 months ago, I've released Evilginx 2. Since then, a lot of you reported issues or wished for specific features. Your requests have been heard! I've finally managed to find some time during the weekend to address the most pressing matters. [>> Download Evilginx

evilginx Featured

Evilginx 2 - Next Generation of Phishing 2FA Tokens

It's been over a year since the first release of Evilginx and looking back, it has been an amazing year. I've received tons of feedback, got invited to WarCon by @antisnatchor (thanks man!) and met amazing people from the industry. A year ago, I wouldn'

hacking

Evilginx 1.1 Release

Hello! Today I am bringing you another release of Evilginx with more bug fixes and added features. The development is going very well and the feedback from you is terrific. I've managed to address most of the requests you sent me on GitHub and I hope to address

hacking

Evilginx 1.0 Update - Up Your Game in 2FA Phishing

Welcome back! It's been just a couple of weeks since Evilginx release and I'm already swimming in amazing feedback. This encouraged me to spend more time on this project and make it better. The first release was more of a proof of concept, but now I

hacking

Evilginx - Advanced Phishing with Two-factor Authentication Bypass

Welcome to my new post! Over the past several months I've been researching new phishing techniques that could be used in penetration testing assignments. Almost every assignment starts with grabbing the low-hanging fruit, which are often employees' credentials obtained via phishing. In today's post I&

hacking

Sniping Insecure Cookies with XSS

In this post I want to talk about improper implementation of session tokens and how one XSS vulnerability can result in full compromise of a web application. The following analysis is based on an existing real-life web application. I cover the step-by-step process that lead to administrator's account

hacking

How I Hacked an Android App to Get Free Beer

Just recently I stumbled upon an Android app that lets you receive free products in various pubs, restaurants or cafes in exchange for points accumulated with previous purchases. When the purchase is made, you let the vendor know that you want to receive points. In the app you select the

assembly

Defeating Antivirus Real-time Protection From The Inside

Hello again! In this post I'd like to talk about the research I did some time ago on antivirus real-time protection mechanism and how I found effective ways to evade it. This method may even work for evading analysis in sandbox environments, but I haven't tested

obfuscation

Obfusion - C++ X86 Code Obfuscation Library

After several weeks of research and having produced a proof-of-concept code in Python, I have finally found some time to code the obfuscation library in proper programming language. I have named the library Obfusion and I will make sure to expand on its functionality in the future. Obfusion, at the