Working on developing a dedicated phishing training lab with MFA support for the upcoming Evilginx Mastery course.
Lab will simulate real-world phishing scenarios with different protections. Each lesson will teach how to develop a working phishlet hands-on for a given scenario.
Compromised a domain tonight in the craziest of ways.
VNC Server with no authentication -> LastPass vault open in browser -> main DA account in LastPass vault -> $$$
My tool PEsto now works with .NET Assemblies: you can widen your arsenal by obfuscating every possible C# offensive tool by applying:
- XOR encryption
- NTDLL Unhooking
- ETW patching
- AMSI patching
- Sandbox detection
Start obfuscating your arsenal:
https://t.co/OCps7Cw6Xr
Constrained Language Mode bypass when __PSLockDownPolicy is used. Just put "System32" somewhere in the path. Read more on my blog post here: https://t.co/XN14uTEMp2