Update: Evilginx 3 is here! This post is based on Evilginx 2 and still works, as I forked the old repository to my personal Github, and did some tweaks to make it work. I recently created a newer version of the phishlet that only works for Evilginx 3. Read all about it here: Running Evilginx… Read More »How to set up Evilginx to phish Office 365 credentials| JanBakker.tech
A multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targets banking and financial services organizations.| Microsoft Security Blog
In the past months, there has been a growing increase in QR Code phishing, since attackers are using new creative ways to bypass existing protections. QR Code phishing is commonly used to bypass existing protections and steal/ collect tokens/ user...| Jeffrey Appel - Microsoft Security blog
Last year Microsoft announced a new feature called; Automatic attack disruption which uses correlated insights from the Microsoft 365 ecosystem and powerful AI models to stop sophisticated attack techniques while the attack is in progress. Automatic attack disruption supports the...| Jeffrey Appel - Microsoft Security blog
Phishlets are configuration files in YAML format. If you need to get familiar with YAML, first, you can find some good overview here: YAML Syntax| help.evilginx.com
I'm finally releasing the new update to Evilginx, together with Evilginx Mastery video course, created to teach you everything you need to know about reverse proxy phishing and using Evilginx in most efficient manner.| BREAKDEV