Hack the Box : Zephyr

by Vince
in Blog
Hits: 696

Hack the Box "Zephyr is an intermediate-level red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills and improving your active directory enumeration and exploitation skills. Zephyr includes a wide range of essential Active Directory flaws and misconfigurations to allow players to get a foothold in corporate environments."

Read more

Evilginx2

by Vince
in Blog
Hits: 778

When running phishing campaigns, I use a number of tools.  For the mass, quarterly, security awareness training, I use the platform in Proofpoint.  For a more dynamic situation, I might use GoPhish.  For something quick and dirty for snagging credentials, I might use Evilginx2.  

From their Github:  "Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection."

Read more