#evilginx

Christoffer S.<p>(sophos.com) Evilginx: How Attackers Bypass MFA Through Adversary-in-the-Middle Attacks <a href="https://news.sophos.com/en-us/2025/03/28/stealing-user-credentials-with-evilginx/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.sophos.com/en-us/2025/03/</span><span class="invisible">28/stealing-user-credentials-with-evilginx/</span></a></p><p>A short descriptive article about Evilginx and how stealing credentials works, a few suggested ways of detecting it, etc.</p><p>Summary:<br>This article examines Evilginx, a tool that leverages the legitimate nginx web server to conduct Adversary-in-the-Middle (AitM) attacks that can bypass multifactor authentication (MFA). The tool works by proxying web traffic through malicious sites that mimic legitimate services like Microsoft 365, capturing not only usernames and passwords but also session tokens. The article demonstrates how Evilginx operates, showing how attackers can gain full access to a user's account even when protected by MFA.
It provides detection methods through Azure/Microsoft 365 logs and suggests both preemptive and reactive mitigations, emphasizing the need to move toward phishing-resistant FIDO2-based authentication methods.</p><p><a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://swecyb.com/tags/Evilginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx</span></a> <a href="https://swecyb.com/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://swecyb.com/tags/Credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Credentials</span></a> <a href="https://swecyb.com/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a> <a href="https://swecyb.com/tags/Azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Azure</span></a> <a href="https://swecyb.com/tags/Sophos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sophos</span></a></p>
Erik van Straten<p>2FA (MFA) does *not* protect against a growing number of phishing attacks:</p><p>&lt;&lt;&lt;Tycoon 2FA operates as an adversary-in-the-middle (AitM) phishing kit. Its primary function is to harvest Microsoft 365 and Gmail session cookies. &gt;&gt;&gt;<br><a href="https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">proofpoint.com/us/blog/email-a</span><span class="invisible">nd-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass</span></a></p><p>You can protect yourself against this perfectly well without using passkeys or software from, for example, Proofpoint: see <a href="https://security.nl/posting/841126" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/841126</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhaaS</span></a> <a href="https://infosec.exchange/tags/EvilProxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EvilProxy</span></a> <a href="https://infosec.exchange/tags/EvilGinx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EvilGinx</span></a> <a href="https://infosec.exchange/tags/EvilGinx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EvilGinx2</span></a> <a href="https://infosec.exchange/tags/Tycoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tycoon</span></a> <a href="https://infosec.exchange/tags/Proofpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proofpoint</span></a></p>
Chris<p>is <a href="https://chaos.social/tags/evilginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>evilginx</span></a> still a thing to phish outlook.com credentials / token? <a href="https://chaos.social/tags/evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>evilginx2</span></a></p>
Eric Woodruff [MS MVP] :donor:<p>For anyone at <span class="h-card" translate="no"><a href="https://infosec.exchange/@BlueTeamCon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BlueTeamCon</span></a></span> who wants to understand why many forms of MFA are not phishing-resistant and why passkeys/FIDO2 are, tomorrow at 12:20pm during lunch in the <a href="https://infosec.exchange/tags/unconference" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unconference</span></a> room I’ll be delivering an impromptu session on <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> resistant authentication, including a live demo of <a href="https://infosec.exchange/tags/evilginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>evilginx</span></a>.</p><p><a href="https://infosec.exchange/tags/BlueTeamCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeamCon</span></a> <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a> <a href="https://infosec.exchange/tags/blueteamcon2023" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteamcon2023</span></a> <a href="https://infosec.exchange/tags/mvpbuzz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mvpbuzz</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>