evilginx Featured Evilginx Pro is finally here! After over two years of development, Evilginx Pro reverse proxy phishing framework for red teams is finally live!
evilginx Featured Evilginx 3.3 - Go & Phish Evilginx 3.3 update is here and it comes packing with the special feature everyone has been waiting for.
evilginx Evilginx Pro - The Future of Phishing I've teased the idea of Evilginx Pro long enough and I think it is finally time to make a proper reveal of what it exactly is. Evilginx Pro will be a paid professional version of Evilginx, with extra features and added advanced reverse proxy anti-detection techniques, available only to BREAKDEV
breakdev BREAKDEV RED - Red Team Community Join the vetted Discord community, oriented around using Evilginx and ethical phishing, where everyone can safely share their phishing tips and tricks without worrying about them being misused by unknown parties.
evilginx Evilginx 3.2 - Swimming With The Phishes The new free update for the Evilginx phishing framework is OUT NOW! Enjoy the new features and improvements!
phishing Evil QR - Phishing With QR Codes Evil QR is a spin-off of a QRLJacking attack, demonstrating how attackers could take over accounts by convincing users to scan supplied QR codes, through phishing.
evilginx Featured Evilginx 3.0 + Evilginx Mastery I'm finally releasing the new update to Evilginx, together with Evilginx Mastery video course, created to teach you everything you need to know about reverse proxy phishing and using Evilginx in most efficient manner.
windows Featured Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049) Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
hacking Hacked Discord - Bookmarklet Strikes Back Discord accounts are getting hacked. This is my analysis of how most recent bookmarklet attacks work, with guidelines on what Discord can do to mitigate these attacks.
evilginx Featured Evilginx 2.4 - Gone Phishing "Gone Phishing" 2.4 update to your favorite phishing framework is here. May the phishing season begin!
pwndrop Featured Pwndrop - Self-hosting Your Red Team Payloads Pwndrop is a self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
evilginx Evilginx 2.3 - Phisherman's Dream Welcome to 2019! As was noted, this will be the year of phishing automation. We've already seen a release of new reverse-proxy tool Modlishka and it is only January. This release would not have happened without the inspiration I received from Michele Orru (@antisnatchor), Giuseppe Trotta (@Giutro) and Piotr Duszyński
evilginx Evilginx 2.2 - Jolly Winter Update Tis the season to be phishing! I've finally found some free time and managed to take a break to work on preparing a treat for all of you phishing enthusiasts out there. Just in time for the upcoming holiday season, I present you the chilly Evilginx update. [Download Evilginx 2
evilginx Evilginx 2.1 - The First Post-Release Update About 2 months ago, I've released Evilginx 2. Since then, a lot of you reported issues or wished for specific features. Your requests have been heard! I've finally managed to find some time during the weekend to address the most pressing matters. [>> Download Evilginx 2 from GitHub <<](https://github.com/
evilginx Featured Evilginx 2 - Next Generation of Phishing 2FA Tokens It's been over a year since the first release of Evilginx and looking back, it has been an amazing year. I've received tons of feedback, got invited to WarCon by @antisnatchor (thanks man!) and met amazing people from the industry. A year ago, I wouldn't have even expected that one
hacking Evilginx 1.1 Release Hello! Today I am bringing you another release of Evilginx with more bug fixes and added features. The development is going very well and the feedback from you is terrific. I've managed to address most of the requests you sent me on GitHub and I hope to address even more
hacking Evilginx 1.0 Update - Up Your Game in 2FA Phishing Welcome back! It's been just a couple of weeks since Evilginx release and I'm already swimming in amazing feedback. This encouraged me to spend more time on this project and make it better. The first release was more of a proof of concept, but now I want to make it
hacking Evilginx - Advanced Phishing with Two-factor Authentication Bypass Welcome to my new post! Over the past several months I've been researching new phishing techniques that could be used in penetration testing assignments. Almost every assignment starts with grabbing the low-hanging fruit, which are often employees' credentials obtained via phishing. In today's post I'm going to show you how
hacking Sniping Insecure Cookies with XSS In this post I want to talk about improper implementation of session tokens and how one XSS vulnerability can result in full compromise of a web application. The following analysis is based on an existing real-life web application. I cover the step-by-step process that lead to administrator's account take over
hacking How I Hacked an Android App to Get Free Beer Just recently I stumbled upon an Android app that lets you receive free products in various pubs, restaurants or cafes in exchange for points accumulated with previous purchases. When the purchase is made, you let the vendor know that you want to receive points. In the app you select the
assembly Defeating Antivirus Real-time Protection From The Inside Hello again! In this post I'd like to talk about the research I did some time ago on antivirus real-time protection mechanism and how I found effective ways to evade it. This method may even work for evading analysis in sandbox environments, but I haven't tested that yet. The specific
obfuscation Obfusion - C++ X86 Code Obfuscation Library After several weeks of research and having produced a proof-of-concept code in Python, I have finally found some time to code the obfuscation library in proper programming language. I have named the library Obfusion and I will make sure to expand on its functionality in the future. Obfusion, at the
x86 X86 Shellcode Obfuscation - Part 3 Hello and welcome back to the shellcode obfuscation series! If you've missed the previous episodes, take your time and catch up here: X86 Shellcode Obfuscation - Part 1 X86 Shellcode Obfuscation - Part 2 Last time, I've added obfuscation support for most common x86 instructions, which allowed to process the
x86 X86 Shellcode Obfuscation - Part 2 Welcome back to the series where I research the subject of shellcode obfuscation. If you missed the last episode, feel free to catch up by following this link: X86 Shellcode Obfuscation - Part 1 Last time I've created the tool's backbone for obfuscation. Ability to insert and delete instructions, while
x86 X86 Shellcode Obfuscation - Part 1 I decided to do research on shellcode obfuscation in order to see how hard it would be to develop a tool that can take any binary x86 shellcode and generate the completely unique version from it. Please note that such tool is most useful in scenarios when shellcode has to
