I approve this message! 🪝🐟

Black Friday and Cyber Monday deals are out! I review some of them and link to a community GitHub page for you all to get discounts on courses, tools and services! Deals from @_RastaMouse, @_JohnHammond, @offsectraining, @evilginx, @Antisy_Training and a whole lot more.

🚨 "Working With Evilginx On-Premises" For projects where OPSEC is critical: keep sensitive data on your server, use cloud only for redirectors. Architecture: Cloudflare → Caddy → Evilginx (on-prem via Tailnet) https://t.co/ZNd8CuHKwI @evilginx @mrgretzky #Phishing #OPSEC

The official MFA phishing anthem! 🍪💗🎵

🚨 The Black Friday sale is coming! The sale drops at midnight today! (UTC+1) It will be the biggest sale yet! 🤩

Black Friday is on 29th November this year. Just sayin'... 🤫

Black hat Asia training is completed. Two days of sharing with our students how APTs compromise AD and Entra ID. And I couldn't help but give a quick shout-out to @evilginx Next stop is @x33fcon & I'm looking forward to it!

Merry Christmas everyone! ❄️☃️🎄 Wish you all the best and thank you for a great year! ✨️

🚨 BLACK FRIDAY Evilginx Mastery -40% SALE 🚨 👑 40% discount (biggest yet!) ⏰ Only 24 hours Code: BLACKFRIDAY40SALE Link: https://t.co/XxQ1SO8N3t Hurry! It's active only until tomorrow!

🚨 Evilginx Mastery Black Friday SALE is coming... tomorrow! 🔥 It will be the BIGGEST sale so far! 🤩 ⏰ Sale will last only 24 hours.

The @evilginx Mastery course is way too much fun 👀

The purpose of SMS/Push/# matching MFA was to put you past most victims and thus most toolsets. There was a point you were basically immune with legacy protocols turned off in Exchange. Now that stronger methods are normalized, attackers are targeting their weaknesses. Not done.

Session hijacking a Microsoft 365 account! Stealing their credentials and bypassing MFA prompt with Evilginx: a reverse-proxy phishing framework! We stage a phishing domain and email pretense, and gain full access to the victim account! https://t.co/E29wB0yNXt

🚨 The big reveal of Evilginx Pro is finally OUT! 🚨 📔From this blog post you will learn what makes the Pro version different from the community one. 🎟️I explain how Evilpuppet secret token extraction works and showcase the core features. Enjoy! 🪝🐟 https://t.co/kQyxOOiODI

🎬Phishing LinkedIn and bypassing MFA demo created for the upcoming Evilginx Pro post 🔥 💡Evilginx uses a background browser to capture the secret token from legitimate website and inject it back into the reverse proxy phishing session. P.S. Enjoy that Cyberpunk tune I made 🎵

Patch to add custom DNS records in running instance of Evilginx made by @ojensen5115 🔥 This is getting added for good in upcoming updates.

🚨BREAKING: Evilginx 3.2 is OUT! 🪝🐟 To celebrate the release of the new update, here is the special 10% discount code for the Evilginx Mastery course! 🎁Code: EVILGINX32 (valid until 31st Aug) 🔗Link: https://t.co/C5XxroUn7C https://t.co/wIZx2HlxCU

Finally my talk from @x33fcon is online! 🔥 I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟 There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡 https://t.co/fXZ0TXfK5m

🎁 Who is excited for Evilginx 3.2 release NEXT WEEK? 🔥 One of the new features is the ability to pause your lures for fixed time duration. Useful if you want to prevent your lure URLs from being scanned right after you send them out or if you want to lay low for a day or two.

Override global redirect URL for each phishlet separately in the upcoming Evilginx 3.2 update 🔥 More features to come as well! Huge thanks to @0x_aalex for pitching this idea in his PR on GitHub.