Attackers have a new way to slip past MFA in educational orgs

Researchers are warning about a rise in cases of attackers using Evilginx to steal session cookies among educational institutions—letting them bypass the need for a multi-factor authentication MFA token. Evilginx is an attacker-in-the-middle phishing toolkit that sits between you and the real...

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover ATO attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP...

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits open-source, commercial, and criminal to execute adversary-in-the-middle AitM attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MF...

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

A new approach to Browser In The Browser BITB without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I...

PenTales: What It’s Like on the Red Team

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight som...

Evilginx - MITM Attack Framework [Advanced Phishing With Two-factor Authentication Bypass]

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. It's core runs on Nginx HTTP server, which utilizes proxypass and subfilter to proxy and modify HTTP content, while intercepting traffic between client and server. You can learn...