Developer and security hacker. ๐งโโ๏ธ๐งโโ๏ธ
Dayjob doing webpentest, phishing and red team stuff
Nightjob developing a open source phishing framework.
Added Remote Browser Phishing experimental support to Phishing Club. Different from AiTM proxying and VNC/WebRTC streaming like CuddlePhish. The victim interacts with a page you built while a real browser on your server handles the actual login.
Blog: https://t.co/QKFEAmO8aa
@akaclandestine@akaclandestine This is a malicious fork of https://t.co/VK1qoItGBJ that is weaponized with malware to infect anyone who tries uses it. All links in the readme download a .zip containing a obfuscated lua script and a lua.exe to run it. Please dont endorse malware
Now you can phish a session in Phishing Club.
Use Session Sushi to get a oauth refresh/access token (and fun stuff).
Then feed the token back into Phishing Club and phish more users via. the compromised account via. Graph API.
๐ฃ Check out our latest red team tool https://t.co/FpYc8Np08h
For post session phishing compromise ๐ฃ
Zero dependency browser extension for handling cookies, Microsoft 365 OAuth tokens, and Graph API interactions.
Phishing Club v1.20.0 is out. Now you can customize the obfuscation template ๐ฅท and adjust the UI to if you are using it for blackbox or whitebox phishing. Beyond that it has a handful of bug fixes and various improvements.
https://t.co/fWW2m8c3VO
Help ๐
Phishing Club now support using custom oauth and API requests you define for delivering lures. For example, send the lures using the ms graph API ๐
I need ideas for great applications to try out this features with, for red team lures!
#RedTeaming
I just published a complete guide on using Phishing Club to run a covert red team phishing operation ๐ฅท
From setup to using a hijacked session
https://t.co/OpLL16D9Pg
#RedTeam#InfoSec#OffensiveSecurity#phishing
But Phishing Club is also for red teamers!
MITM features
- Modify and capture from req and res
- Rewrite url paths and params
- Rewrite with CSS selector
- Allow / Deny using JA4 and CIDR
- Obfuscation
- Custom bot evasion
- Access control
- JA4 Browser impersonation
More!
Phishing Club 1.7.0 is out! ๐ฃ https://t.co/fWW2m8bw6g
Features: Multiple domains with TLS, Connect multiple landing pages, MITM proxy, Advanced scheduling, Send via. SMTP or API delivery and much much more!
#phishing#redteam#security#infosec#cybersecurity#phishingclub
@cyb3rops Fair enough. If you are not the one doing intrusion, penetration tests and such offensive activities, then I would probably call you a blue teamer, grc or something else. I think the terms can help give a 10.000 idea of what people do, but ofc it not black and white at all..