If you have a login page which is reachable over the internet, at some point it’s going to get attacked. The reason why is because it can be extremely easy for attackers to do so….
EvilGinx is a prime example of some of the amazing tools out there that came be used for Phishing. If you haven’t heard of it, EvilGinx was release a few years back and showed us a weak point in 2FA. For most back then, MFA was a sure way to thwart the bad guys and it make the system or user account “impenetrable”…..
The services below are some of the most commonly abused services for malicious parties to “live of the land”. Each are built into Windows and inherit trust by default. Because of this, security controls won’t ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can’t block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl…….
Malicious parties might chose to encode their commands or scripts. The reason why is that if your auditing isn’t up to scratch, it may go unseen. In some cases it can also help bypass the AV….
HiddenEye is a modern-day phishing tool. The advanced capabilities and ease of use really make Phishing life simple. With just a few clicks, you can spin up a fake phishing site with keylogging capabilities. It is a really cool tool to use…..
When thinking of phishing, you might think of ‘Winning the Nigeran lottery’ or ‘Paying a small holding fee so that a prince can make you rich’. These were common attempts back in the day and the aim was to trick you so that you would send the scammer money. Since then, Phisher-men and women have evolved and are now using new techniques. What these people want though are very different things. Nowadays these types of attacks aim to steal personal details, credentials, money or even to infect the users machine……