Login
BREAKDEV/Evilginx Mastery
Buy now

  • €399

Evilginx Mastery

  • Course
  • 37 Lessons

Learn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor Authentication. Learn to think like an attacker, during your red team engagements, and become the master of phishing with Evilginx.
Buy now

Walkthrough

Check out what the course is about, in the following walkthrough video.

What's new?

The course is constantly receiving new updates!

The latest update added the 50-minute video guide on how to create your own phishlet for MS365.

Frequently asked questions

You’ve got questions. We’ve got answers.

Who is this course for?

This course is suitable for anyone who's willing to learn how advanced phishing attacks are performed and how to protect users from reverse proxy phishing.

What are the requirements for undertaking this course?

Students are required to have basic knowledge of how world-wide web works.

Familiarity with HTTP protocol and JavaScript will help a lot to get the most out of this course.

All lessons assume the students will be using Windows 10 or 11, but most of the performed tasks are also achievable on Linux operating systems.

For how long can I access the course and the labs after purchase?

Access to the course, labs and Discord server is lifetime.

Once you purchase the course, it will be accessible for as long as you wish.

What will I learn after completing this course?

You will learn how to use Evilginx reverse proxy phishing framework to launch your own advanced phishing simulation attacks, bypassing various protections, including multi-factor authentication.

You will learn how to protect your users from reverse proxy attacks and if you are a web developer, you will find out how to prepare your website to make it much harder for attackers to phish your users.

You will learn how to create your own phishlets for Evilginx and learn the thought process of bypassing various client-side phishing protections.

Is there any support or private community for students?

Yes! Every student will receive an invite link to private Evilginx Mastery community server on Discord.

There you can ask questions and receive support, as well as get additional information about phishlet development.

Contents

Thank You
  • 1 min
  • 75 MB

Introduction

A bit of background on phishing, its history and what reversy proxy phishing is about.

Intro
  • 1 min
  • 45.5 MB
Evolution of Phishing
  • 3 mins
  • 151 MB
MFA & Web Security
  • 3 mins
  • 150 MB
Stealing The Token
  • 5 mins
  • 261 MB

Setup

Here we will set up our testing environment.

Intro
  • 1 min
  • 39.8 MB
Preparing The Environment
  • 14 mins
  • 204 MB
Training Lab
  • 5 mins
  • 122 MB

Getting Started

Learn how to create your first phishlet and use Evilginx to phish yourself for the first time!

Intro
  • 5 mins
  • 86.9 MB
Preview
Creating a Phishlet
  • 22 mins
  • 247 MB
Catching Phish
  • 25 mins
  • 397 MB
Personalizing Lures
  • 12 mins
  • 176 MB

Advanced Phishing

Learn about more advanced features of Evilginx and how to fully customize your phishing campaigns.

Intro
  • 1 min
  • 21.1 MB
Replacing Content
  • 11 mins
  • 127 MB
Forcing POST Parameters
  • 13 mins
  • 168 MB
Handling JSON & LocalStorage
  • 21 mins
  • 293 MB
JavaScript Injection
  • 19 mins
  • 304 MB
Landing Page Redirectors
  • 12 mins
  • 225 MB
Mass Lure Targeting
  • 8 mins
  • 148 MB
Proxying The Reverse Proxy
  • 5 mins
  • 66.7 MB
Blacklist Management
  • 8 mins
  • 111 MB

Security Hardening

Learn about how websites can protect their users from reverse proxy phishing. We will explore ways of bypassing such protections and also learning how to implement our own.

Intro
  • 1 min
  • 62.2 MB
Location Validation
  • 17 mins
  • 215 MB
Secret Token Validation
  • 21 mins
  • 381 MB

Remote Deployment

Learn how to deploy Evilginx to remote server and properly set it up for use in your phishing engagements.

Intro
  • 1 min
  • 27.3 MB
Set Up Your Server
  • 15 mins
  • 216 MB
Domain Setup
  • 6 mins
  • 97.2 MB
Deploy Evilginx
  • 15 mins
  • 286 MB
Remote Phishing
  • 7 mins
  • 128 MB
Persistence
  • 4 mins
  • 45 MB

Deep Sea Phishing

Here I will demonstrate the process of how I approach the creation of phishlets for different websites and how I attempt to circumvent the implemented client-side protections.

Intro
  • 2 mins
  • 78.5 MB
Okta: Defeating Protections
  • 30 mins
  • 534 MB
Okta: Session Tokens
  • 14 mins
  • 312 MB
Okta: Phishlet Templates
  • 10 mins
  • 185 MB
Microsoft 365 Personal - Creating a Phishlet
  • 29 mins
  • 549 MB
Microsoft 365 Personal - Cleaning Up
  • 14 mins
  • 286 MB
Microsoft 365 Enterprise - Adding Compatibility
  • 9 mins
  • 189 MB

Get Instant Notifications

Sign up and be the first to know when the new course drops!

You're signing up to receive emails from BREAKDEV