With the increase in reverse proxy phishing attacks worldwide, major vendors have started implementing more advanced detections. Is it enough to prevent the most determined attackers? I will take you on a deep dive into bypassing the most modern anti-phishing protections with Evilginx Pro.
First, KG will explain what the major vendors are doing to protect their users from reverse proxy phishing, including techniques like:
JA3/JA4 fingerprinting.
Using "Shadow token" or "secret token" smuggling.
Telemetry gathering through obfuscated JavaScript.
After presenting how the protections work he will jump into the demo of Evilginx Pro, showing how it differs from the public version of Evilginx. He will show how red teams can maximize their effectiveness using the new UI improvements and anti-detection measures. He will also try to briefly demonstrate Evilpuppet - the module of Evilginx Pro, which allows Evilginx to interface with the background browser to extract tokens and other data from legitimate sign-in sessions.
He will conclude with the demonstration of Evilginx Pro in action, performing a successful phishing attack on a well-protected target.