BREAKDEV RED - Red Team Community

Join the vetted Discord community, oriented around using Evilginx and ethical phishing, where everyone can safely share their phishing tips and tricks without worrying about them being misused by unknown parties.

BREAKDEV RED - Red Team Community

Today I want to announce my plan for creating a closed community for professional red teamers, working in red team companies, who perform phishing engagements as part of their job.

Read more about it below, but if you're already ready to sign up, here is the button, which will take you to the registration form:

Red Teams United

My idea is to create a vetted Discord community, oriented around using Evilginx and ethical phishing, where everyone can safely share their phishing tips and tricks without having to worry about such information being misused by malicious parties.

I plan to launch a community repository for Evilginx phishlets, which will be maintained by me and other red teamers from the same trusted BREAKDEV RED community. Every community member will be granted free access to the repository and everyone will be able to contribute their own phishlets.

Additionally, all community members will be granted the ability to purchase licenses for Evilginx Pro as soon as it lands. The reveal of all the upcoming features will happen in the upcoming weeks. I expect Evilginx Pro to become a game-changer in professional phishing, solving a lot of issues around detection and adding the ability to bypass the latest reverse proxy phishing mitigations.

One of my main concerns is for Evilginx Pro to not fall into the hands of wrong-doers, which is the number one reason why I want to establish the trusted community in the first place.

Benefits for BREAKDEV RED members:

  • FREE access to the private Evilginx phishlets repository on GitHub, maintained by me and other Evilginx power users.
  • FREE access to the private BREAKDEV RED community on Discord, where you can interact with fellow red teamers, who went through the same vetting process as you did.
  • (OPTIONAL) Ability to purchase licenses for Evilginx Pro when it comes out sometime later this year or early 2024.

I have already confirmed that Discord communities can be highly beneficial for brainstorming and for Evilginx development. One of the great examples was when @JackButton_ shared how he implemented his own idea of signature base evasion and automated scan preventions using CloudFlare, on Evilginx Mastery Discord.

How do I sign up?

First of all, here is a list of requirements you need to fulfill, in order to be granted membership:

Registration requirements:

  • You're an employee or an owner of a cybersecurity company offering legal penetration testing services, with a focus on phishing simulations.
  • The provided contact e-mail should be hosted on the company domain. Sorry, no free domains (Gmail, Protonmail etc.), since those carry the risks of impersonation.
  • Your company should have a public website with outlined services provided in the area of cybersecurity. Once your status is approved, I will send you an email to the address you provided, with a final confirmation request.

If by any chance you do not use company emails hosted on the company domain, please explain in the "Comments" section of the form and we will work something out.

If you're ready to sign up, clicking this button will lead you to the registration form:


What is Evilginx Pro?

It is a privately maintained version of Evilginx which employs:

  • Evasion of widely employed phishing detection mechanisms.
  • Extra features like extraction of secret tokens, using an entirely new Evilpuppet module, responsible for interfacing Evilginx with a background browser.
  • Reverse proxy support for most popular services (including Google, LinkedIn and more).

I will release a blog post soon, going into detail on what exactly the Pro version is about.

Update: The blog post is out.

What is the registration form about?

Since I do not want any of the community benefits to be abused or misused, I want to offer them EXCLUSIVELY to legitimate cybersecurity companies, offering red teaming and/or penetration testing services.

Your answers allow me to learn more about your company and let me make a decision whether to put it on the list of trusted companies, interested in becoming Evilginx power users.