Luke Jennings (@jukelennings) 's Twitter Profile
Luke Jennings

@jukelennings

VP, R&D at @pushsecurity

ID: 838853726341300226

06-03-2017 20:48:08

420 Tweet

1,1K Followers

420 Following

Luke Jennings (@jukelennings) 's Twitter Profile Photo

I wrote a blog post on the many defense mechanisms phishing kits are using to avoid discovery and analysis now. I used a recent instance of NakedPages and cover 9 different techniques, including Cloudflare Workers and Turnstile abuse. IOCs included. pushsecurity.com/blog/how-aitm-…

Kuba Gretzky (@mrgretzky) 's Twitter Profile Photo

I am filled with pride & joy having heard Evilginx compared to Cobalt Strike, on the latest episode of Risky Business. Huge thank you to Luke Jennings from @pushsecurity for making this bold statement (and for pronouncing Evilginx properly! 😜) Sorry, I could not help myself 😆

Luke Jennings (@jukelennings) 's Twitter Profile Photo

This week was my first time attending MSSN CTRL. It’s been a great conference and wow what a memorable view from the venue! Thanks for inviting me LimaCharlie!

Luke Jennings (@jukelennings) 's Twitter Profile Photo

Interested in security research? Fascinated by the new era of identity attacks? Come join my team! Must be US-based, but it's 100% remote. pushsecurity.bamboohr.com/careers/74?sou…

Luke Jennings (@jukelennings) 's Twitter Profile Photo

Back by popular demand, I wrote a second part blog post on the many defense mechanisms phishing kits are using to avoid detection. This second part dives deep on one specific strategy - preventing detection of commonly cloned login pages e.g. Microsoft pushsecurity.com/blog/how-aitm-…

Luke Jennings (@jukelennings) 's Twitter Profile Photo

Someone is using Evilginx to target customers of Onfido, part of Entrust, with a malicious Google advert that comes above the legitimate Onfido advert 🤯 Yes that us[.]com domain is actually an evilginx server - guess which advert is the malicious one

nick.eth (@nicksdjohnson) 's Twitter Profile Photo

Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got:

Dennis Kniep (@dennis_kniep) 's Twitter Profile Photo

Wrote about a novel technique that leverages the well-known Device Code #phishing approach. It dynamically initiates the flow as soon as the victim opens the phishing link and instantly redirects them to the authentication page. Capable of bypassing #fido denniskniep.github.io/posts/09-devic…