Login
BREAKDEV/Evilginx Mastery
Buy now

  • €399

Evilginx Mastery

  • Course
  • 37 Lessons

Learn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor Authentication. Learn to think like an attacker, during your red team engagements, and become the master of phishing with Evilginx.
Buy now

Walkthrough

Check out what the course is about, in the following walkthrough video.

What's new?

The course is constantly receiving new updates!

The latest update added the 50-minute video guide on how to create your own phishlet for MS365.

Frequently asked questions

You’ve got questions. We’ve got answers.

Who is this course for?

This course is suitable for anyone who's willing to learn how advanced phishing attacks are performed and how to protect users from reverse proxy phishing.

What are the requirements for undertaking this course?

Students are required to have basic knowledge of how world-wide web works.

Familiarity with HTTP protocol and JavaScript will help a lot to get the most out of this course.

All lessons assume the students will be using Windows 10 or 11, but most of the performed tasks are also achievable on Linux operating systems.

For how long can I access the course and the labs after purchase?

Access to the course, labs and Discord server is lifetime.

Once you purchase the course, it will be accessible for as long as you wish.

What will I learn after completing this course?

You will learn how to use Evilginx reverse proxy phishing framework to launch your own advanced phishing simulation attacks, bypassing various protections, including multi-factor authentication.

You will learn how to protect your users from reverse proxy attacks and if you are a web developer, you will find out how to prepare your website to make it much harder for attackers to phish your users.

You will learn how to create your own phishlets for Evilginx and learn the thought process of bypassing various client-side phishing protections.

Is there any support or private community for students?

Yes! Every student will receive an invite link to private Evilginx Mastery community server on Discord.

There you can ask questions and receive support, as well as get additional information about phishlet development.

Contents

Thank You

Introduction

A bit of background on phishing, its history and what reversy proxy phishing is about.

Intro
Evolution of Phishing
MFA & Web Security
Stealing The Token

Setup

Here we will set up our testing environment.

Intro
Preparing The Environment
Training Lab

Getting Started

Learn how to create your first phishlet and use Evilginx to phish yourself for the first time!

Intro
Preview
Creating a Phishlet
Catching Phish
Personalizing Lures

Advanced Phishing

Learn about more advanced features of Evilginx and how to fully customize your phishing campaigns.

Intro
Replacing Content
Forcing POST Parameters
Handling JSON & LocalStorage
JavaScript Injection
Landing Page Redirectors
Mass Lure Targeting
Proxying The Reverse Proxy
Blacklist Management

Security Hardening

Learn about how websites can protect their users from reverse proxy phishing. We will explore ways of bypassing such protections and also learning how to implement our own.

Intro
Location Validation
Secret Token Validation

Remote Deployment

Learn how to deploy Evilginx to remote server and properly set it up for use in your phishing engagements.

Intro
Set Up Your Server
Domain Setup
Deploy Evilginx
Remote Phishing
Persistence

Deep Sea Phishing

Here I will demonstrate the process of how I approach the creation of phishlets for different websites and how I attempt to circumvent the implemented client-side protections.

Intro
Okta: Defeating Protections
Okta: Session Tokens
Okta: Phishlet Templates
Microsoft 365 Personal - Creating a Phishlet
Microsoft 365 Personal - Cleaning Up
Microsoft 365 Enterprise - Adding Compatibility

Get Instant Notifications

Sign up and be the first to know when the new course drops!

You're signing up to receive emails from BREAKDEV