Kuba Gretzky
@mrgretzky
Followers
14,515
Following
671
Media
451
Statuses
5,680
Offensive security tools developer. Reverse engineer, vulnerability researcher and ex-MMO game hacker. Creator of Evilginx. @mrgretzky @infosec .exchange
Poland
Joined May 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Elon
• 931256 Tweets
#गल_काटे_सो_कुफर_कसाई
• 170666 Tweets
Michigan
• 161554 Tweets
#UFC307
• 127040 Tweets
Vandy
• 120254 Tweets
Watch Sant RampalJi YouTube
• 119253 Tweets
Tennessee
• 112383 Tweets
Dodgers
• 107418 Tweets
Vanderbilt
• 84022 Tweets
Dark MAGA
• 81758 Tweets
トッキュウジャー
• 80796 Tweets
#BUS_KnockKnockKnock_Korat
• 74482 Tweets
Nico
• 73472 Tweets
Pereira
• 71472 Tweets
Bama
• 71222 Tweets
Ohtani
• 70989 Tweets
ドジャース
• 66207 Tweets
プリキュア
• 49368 Tweets
Khalil
• 47556 Tweets
Arkansas
• 37667 Tweets
DONBELLE ASAP RESURGENCE
• 36863 Tweets
Aldo
• 33358 Tweets
ポストシーズン
• 30748 Tweets
Bautista
• 26629 Tweets
Save Sanatan Dharma
• 26347 Tweets
Pennington
• 22963 Tweets
Ifigenia Martínez
• 18954 Tweets
Machado
• 18888 Tweets
京都大賞典
• 17903 Tweets
Poatan
• 14451 Tweets
大谷さん
• 14355 Tweets
山本由伸
• 11684 Tweets
Pinned Tweet
🚨 Evilginx Pro release is coming soon 🔥
I've just finished rewriting Evilpuppet to prepare it for release.
Here is a demo of how it allows red teams to bypass Google's modern anti-phishing protections. 🪝🐟
⏰ Get 20% OFF Evilginx Mastery course:
15
67
325
The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.
45
1K
3K
10
153
2K
pwndrop - The new fast & fun way to set up an HTTP/WebDAV server for your payloads is coming!
python -m SimpleHTTPServer may soon be retiring.
Stay tuned!
Here is a quick sneak peek:
27
220
698
PWNDROP IS FINALLY RELEASED!
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
Enjoy and send me the precious feedbacks!
Read about and get pwndrop here:
26
335
656
BREAKING: Evilginx is coming back! 🔥🪝🐟
Coming soon:
- Evilginx 3.0 Release
- Evilginx Mastery online course with hands-on training lab access
Sign up here to know when it drops! 📩
38
185
646
🫣 SNEAK PEEK👀
Evil QR in action, demonstrating how attackers could use sign-in QR codes to execute phishing attacks. 🪝🐟
Blog post with open-sourced toolkit coming soon! 🔥
(sometime this week)
19
124
520
Evilginx 💗 Gophish
The long-awaited official integration of Evilginx with Gophish has finally arrived with the Evilginx 3.3 update. 🪝🐟
The update includes lots of quality-of-life improvements as well.
Enjoy and happy phishing! 🤗
16
154
497
🎬Phishing LinkedIn and bypassing MFA demo created for the upcoming Evilginx Pro post 🔥
💡Evilginx uses a background browser to capture the secret token from legitimate website and inject it back into the reverse proxy phishing session.
P.S. Enjoy that Cyberpunk tune I made 🎵
8
121
476
Microsoft has just released a patch for ZIP MOTW vulnerability assigned as CVE-2022-41091.
I am happy to be able to finally drop my bug analysis write-up! 🔥🪲
Enjoy and happy patching!
7
182
442
BREAKING: Evilginx 2.4 "Gone Phishing" update is coming SOON! 🪝🐟
This will be a big one with lots of new features. I'll be posting more info about upcoming goodies in this thread!
Old dog is about to learn some new tricks.
All aboard the hype train! 🚂
13
120
420
Tired of failed phishing attempts?
Using the 1337est AI FAFO technology, Evilginx trained on data from thousands of successful login attempts, can now predict valid session cookies, even before the phished user starts to enter their credentials.🔥
The new era of AIshing awaits!
23
63
416
This screenshot shows how external bots try to scan a phishing page, hosted by Evilginx Pro.
Every request is made from a different IP address, which ultimately proves that IP blacklisting is dead as a method to block scanners.
JA4 & browser telemetry analysis is the way to go.
20
63
405
💥It's 2023 and stealing session tokens via reverse proxy phishing is still going strong. 🪝🐟
🎬Here is how Evilginx catches a phish and completely bypasses MFA on Google.
💡Check out my Evilginx Mastery course to learn the tricks used by attackers:
14
126
401
ZIP MOTW bypass 0-day bug was a fun challenge!
Bug already reported (not by me) and no patch from MS, so will post a write-up once it's fixed.
Thanks
@wdormann
@bohops
@buffaloverflow
🔥🍻
Works nicely for bypassing the recent block of macros in Office docs w/MOTW, as well.
10
103
395
Evilginx2 will, soon, let you phish and bypass 2FA like a pro. Now as fully standalone man-in-the-middle HTTP proxy, made entirely in Go. Here comes a little sneak peek:
9
157
353
Our fellow BREAKDEV RED member
@jackbutton_
has published the long awaited guide on how to protect your Evilginx instances ‼️
Find out how to deploy an additional Cloudflare layer in front, for extra protection! 🔥🎣
A must read for all phishermen! 🪝🐟
5
111
348
RELEASE: Evilginx 2.4 "Gone Phishing" update is OUT NOW!
Read all about it:
27
140
342
BREAKING: Evilginx Mastery course has moved into the recording phase!
Tons of reverse proxy phishing brain-food on the menu.
If you haven't already - sign up for the mailing list to know exactly when the course drops:
7
66
329
Evilginx 2 - Next Generation of Phishing 2FA Tokens
16
171
320
Almost a week ago, I had great pleasure to present my research on protecting websites from Evilginx reverse proxy phishing at
@x33fcon
.
To whomever is interested, I've just uploaded the slides from the talk:
Next year, same place! 😀🪝🐟
10
83
328
Really interesting how easy it is to fingerprint TLS connections established from GO applications, by checking JA4 signature patterns.
You'd be amazed how many automated malicious URL scanners also use the same JA4 signature.
From:
8
82
317
Working on developing a dedicated phishing training lab with MFA support for the upcoming Evilginx Mastery course.
Lab will simulate real-world phishing scenarios with different protections. Each lesson will teach how to develop a working phishlet hands-on for a given scenario.
17
57
313
RELEASE: Evilginx Master & Evilginx 3.0 are OUT NOW! 🔥🪝🐟
It was a hell of a run. Hope you enjoy!
Evilginx Mastery course:
Blog:
20
99
307
Protecting phishing pages from being flagged as malicious has become a priority for threat actors.
One such method involves using Cloudflare Turnstile, which can block access to phishing pages for automated scanners.
How hard would it be to simulate this with Evilginx?
👇🧵
7
66
311
Ladies & gentlemen, WE DID IT!
Evilginx Mastery videos recorded, edited, uploaded & ready to go!
Applying finishing touches for simultaneous releases.
Release date: TBA
Get notified:
25
67
298
Huge kudos to Dylan Evans! This is absoluetely amazing to see that someone took time and effort to pull this off! 🔥
3
83
288
Here is how easy it is to share a file with pwndrop and spoof its download link's extension from .docx to .docx.exe, using an HTTP redirect feature.
Almost ready for the big release!
4
89
289
BREAKING: Announcing Evilginx Mastery course price & release date!
🗓️Date: May 10th 2023
💳Price: 399 EUR (359 EUR with -10% release discount)
📝Sign up here:
⭐️Evilginx 3.0 & online documentation will also be released on the same day!
26
90
279
I'm proud to announce that due to popular demand, Evilginx 3.0 will introduce micro-transactions!
Real fishing requires bait and phishing should be no different. Now you will need WORMS to perform even the simplest tasks like enabling a phishlet!
Red checkmark incl. as a bonus!
13
51
273
Broadcom managed to turn VMware software download into an escape room 😂
18
42
276
A minute of silence for all the implants unable to ping the C2 today 🕯
8
38
274
After continuing to see new tools emerging, which rely on extracting the NTDLL syscall IDs from "mov eax, X" instruction, I wanted to remind everyone that syscall IDs can easily be calculated by sorting the addresses of Nt*/Zw* functions in NTDLL from lowest to highest. 🍻
7
61
267
🚀Evil QR - Phishing With QR Codes 🪝🐟
Just released some fun research on how to perform phishing with QR codes.
Enjoy the blog post and a demo video!
I've also published Evil QR toolkit on GH, which you can use to see how the attack works in practice
3
114
268
A covert and smart way of implanting Chrome extensions through direct modification of Chrome setting files. 🤯🔥
0
92
264
Is this even real??? 🤯
I feel like I've discovered a whole new world...
This is 100% going to become the new Evilginx GUI 🔥
To hell with Electron and web UI. The 90s haxor terminalz are back😆
Thank you
@badsectorlabs
for letting me know about this! 💗
8
29
262
Have you ever needed to quickly spin up a self-hosted HTTP server for your payloads?
Did you also need WebDAV support, slick web GUI, drag & drop support and ability to quickly customize payload URLs with limiting access to them in one click?
More info coming soon 🎣
</teaser>
9
61
258
BIG ANNOUNCEMENT!
It took a while, but the time has finally come!
Pwndrop will drop on Thursday, 2020-04-16 at 12:00 CEST.
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
Timer:
7
100
233
This is pure 🔥
I published a blog article detailing a phishing technique I called Browser in the Browser (BITB) Attack. It's very simple but can be very effective. I also published templates on my Github feel free to test them out.
117
1K
4K
7
36
223
People don't really realize that Windows LNK shortcut contains the computer name and HDD serial number of its author
8
98
224
🚨 The video from my
@x33fcon
keynote is finally out!
I've talked about what's coming in Evilginx Pro and the new implementation of anti-phishing countermeasures to protect your phishing links.
I managed to fit a live demo with some "funny" content 😜
5
52
223
Finally my talk from
@x33fcon
is online! 🔥
I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟
There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡
4
80
224
As much as I hate web development, I'm trying hard to make the training portal look good.
CSS and fighting with different frameworks are killing me, but there is some visible progress!
1/2
17
27
221
Pepe Berba has just released an incredible contribution to Evilginx, showing how to bypass Yubico OTP and hijack the full LastPass password vault, through phishing. Great job
@__pberba__
🔥🪝🐟
If you want to try it out, you have to use his fork for now.
4
94
217
🚨 The big reveal of Evilginx Pro is finally OUT! 🚨
📔From this blog post you will learn what makes the Pro version different from the community one.
🎟️I explain how Evilpuppet secret token extraction works and showcase the core features.
Enjoy! 🪝🐟
10
77
215
🚨SPOILER ALERT🚨
Evilginx 3.0 changelog sneak peek for the upcoming May 10th release. 🪝🐟
6
54
220
So Windows 11 anti-phishing Smart Screen protection will be able to tell when you are entering you password into any app, on the kernel level.
Same with detecting passwords in input forms on websites, which I believe will be Edge exclusive.
Not sure what to think about this.
18
48
215
Short demo of how Evilginx Pro uses dynamic JavaScript obfuscation to protect your scripts, injected into phishing pages, from automated pattern recognition. 🙈🐟
Evilginx Pro is still in development and will be available exclusively to BREAKDEV RED members later this year. 🥳
3
41
212
💌 NEWS: Closed vetted community for Red Teams
Applicants need to be employed in red team companies.
🎁 Members get:
- FREE access to the private Evilginx phishlets repository on GitHub
- FREE access to the private community on Discord
Find out more:
14
53
210
Evilginx 2.4 "Gone Phishing" update will release on Monday, 14th September 2020 at 14:00 CEST.
Finally!
Spread the word!
6
73
203
BREAKING: Evilginx 3.2 is dropping NEXT WEEK! 🔥🪝🐟
🗒️Here is the full changelog:
2
49
204
John did an incredible job at demoing phishing with bypassing of MFA using Evilginx! 🔥
Check a look! 🪝🐟
Session hijacking a Microsoft 365 account! Stealing their credentials and bypassing MFA prompt with Evilginx: a reverse-proxy phishing framework! We stage a phishing domain and email pretense, and gain full access to the victim account!
27
315
2K
2
34
196
Evilginx 2.3.0 "Phisherman's Dream" Update is OUT! Enjoy!
4
103
190
My friend
@waelmas01
just published his talk from BSides Cyprus 2023 where he gave one of the best live demos of a phishing attack using Evilginx, together with great explaination of all the steps how he perfected the attack. 🔥🪝🐟
Highly recommended!
4
67
195
I think today is the right day to revive my meme from 2021 😂
7
30
184
🚨BREAKING🚨 I decided to pull a one-eighty and due to popular demand I am changing the access duration of Evilginx Mastery course from 365 days to LIFETIME!
This applies to existing customers as well!
(read note below)
6
33
180
Wael Masri (
@waelmas01
) has just given the BITB (browser-in-the-browser) phishing trick, from
@mrd0x
, a second life!
Wael implemented a very clever framebusting bypass as he injects BITB directly into the proxied website, without relying on detectable iframes.
Hire this guy! 🔥
🚨 New Phishing Attack: Frameless BITB + Evilginx (2024 edition)
🔐Full tutorial on how to set up one of the most believable phishing attacks using a new Browser In The Browser + Evilginx attack that bypasses even the most advanced framebusters.
9
123
368
2
49
180
Would you be more susceptible to phishing if the attacker prefilled the phished Google login page with your email and account profile picture? Javascript injection coming soon to Evilginx! 🎣🤖
6
69
174
Evilginx Pro development is in progress!
Rewriting Evilginx to support client/server architecture is as painful as adding multiplayer to a game, which was always meant to remain singleplayer😀
As a side effect, though, you get a full-blown API to automate everything! 🔥
2
22
169
Evilginx Pro will allow you to rewrite URL paths with your phishlet, to evade detection from URL path pattern matching.
More to come! 🪝🐟
3
30
168
To anyone obsessed with low-level anti-debugging, obfuscation and evasion tricks, I highly recommend this post.
A remarkable analysis of a number of interesting tricks used in Roshtyak malware, by Jan Vojtěšek (from September 2022).
1
77
165
Dirk-Jan's
@_dirkjan
talk on phishing Entra ID tokens is finally out and if you can watch one talk this month, make it this one. Superb research really 🔥
Dirk-Jan figured out how to obtain the more privileged PRT token from a lesser refresh token.
4
26
168
🚨BREAKING: Evilginx 3.2 is OUT! 🪝🐟
To celebrate the release of the new update, here is the special 10% discount code for the Evilginx Mastery course!
🎁Code: EVILGINX32 (valid until 31st Aug)
🔗Link:
0
68
163
Phew! This took a while to implement.
🛠️ Evilginx Pro features added:
✅ Multiple domain support on a single instance
✅ DNS zones auto-managed via external DNS providers (Cloudflare, DigitalOcean etc.)
✅ Wildcard certificate auto-retrieval from LetsEncrypt
Coming soon! 🪝🐟
9
26
164
How all of the cybersecurity content creators can operate in this environment is beyond me. 🤦♂️
35
14
155
I've just released Evilginx 2.1. This version adds developer mode, better session cookie detection and regular expressions for both cookie names and POST arguments. Check out the write-up!
1
64
147
‼️ Exactly 6 years ago, on 24th April, the Evilginx 2.0 journey began.
Thank you to everyone who has used the tool since then.
It would not be the same without your involvement 💗
4
14
147
🎁 Who is excited for Evilginx 3.2 release NEXT WEEK? 🔥
One of the new features is the ability to pause your lures for fixed time duration.
Useful if you want to prevent your lure URLs from being scanned right after you send them out or if you want to lay low for a day or two.
2
36
141
🚨 Evilginx 3.3 update is coming out NEXT WEEK! 🥳
Among the improvements, it will include one significant and long-awaited feature, requested by so many of you.
I've made a puzzle to give you a small hint. 🪝
Can you guess what it is?
24
20
142
Finally it is made clear what is the difference between sending NTLM hashes over SMB and WebDAV. Thanks
@n00py1
for taking time to investigate 😀
2
55
133
I will be publishing some fun research next week! 🔥
Tools, PoC and cover art are ready. Need to follow up with a blog post and short demo video.
Stay tuned!
5
25
132
In few hours, things may break (Sep 30 14:01:15 2021 GMT) 🙂.
CA root certificate has been valid since 2000. I'm sure back then someone thought "21 years should be plenty of time for us to not have to worry about it!"
4
61
128
Great research by Yehuda on how to evade FIDO authentication when phishing MS accounts.
Spoiler: Let the server know the client doesn't support FIDO. Simple! 🤷♂️
The referenced PR has been merged into the master branch! 🥳
Follow
@yudasm_
as a sign of appreciation! 🔥
Excited to share my latest research on phishing Windows Hello for Business by way of a downgrade attack, using EvilGinx.
Looking forward to your thoughts.
Read it here:
4
57
162
2
35
124
Reading a message like this makes the effort so much worth it! 🔥♥️
(from BREAKDEV RED)
3
9
127
⏰ Evilginx Mastery Content Update is OUT! 🔥
💡 Available NOW to everyone with access to the course!
🎬 Check the "Deep Sea Phishing" module for new videos.
For newcomers, enjoy the 10% OFF discount code (until Friday): ♥️
GIMMEMOAR
Grab it HERE:
8
29
119
Did you want to use your own TLS certificates with Evilginx 3.x ❓
Now you can! 🪝🐟
1. Put your certificate and private key in: ~/.evilginx/crt/sites/<anyname>/
2. Disable LetsEncrypt with: `config autocert off`
3. Profit! (wildcard certs supported)
3
21
124
Udayveer is one of the most skilled Evilginx power users and he just published his Evilginx guide with configuration tips & tricks and IOC removal for Gophish and more! 🔥🪝🐟
You may want to bookmark this one. 🙂
Checkout my phishing infrastructure setup guide notes, which i recently published on github.
It contains tips and tricks along with some IOC removal for evilginx3.3 and GoPhish.
Thanks to
@mrgretzky
for integrating Gophish with evilginx.
#evilginx
7
112
369
2
17
118
💥 The wait is finally over ‼️ 💥
A total of 562 cybersecurity professionals have been approved!
Thank you everyone for the amazing response!
The number of applications exceeded my expectations. ♥️
Launching on November 9th 2023. 🚀
Let's make it feel like home! ☕️
5
13
119
-- Quick Announcement --
Microsoft 365 Personal & Enterprise advanced phishlet creation guide for Evilginx Mastery course is dropping tomorrow! (50 minutes of extra material) 🪝🐟🔥
Stay tuned!
4
15
116
🚨Evilginx 3.1.0 Release 🪝🐟
Just pushed a small update to Evilginx, fixing few issues, which came up after the 3.0 release in May.
Enjoy!
5
34
114
I'm very happy to announce that I will once again be speaking at
@x33fcon
I will be covering new phishing evasion techniques and talk about how IP blacklisting is pretty much useless these days.
Also - super humbled to be giving the first talk of the conference. 🔥
7
12
109
Dirk-jan developed a great technique proving you do not always need to phish for cookies to gain access. 🔥
Very humbled to see Evilginx used for capturing the tokens 💗
1
19
109
New ASCII art looking great so far! 🔥
(made the logo a bit smaller)
Plus a small sneak peek into the new auto-update feature.
(and no, beta is not yet available if you wanted to ask 😜)
8
10
105
It is scary how easy it is to develop your own reverse proxy phishing tool, like Evilginx, from scratch and hosted entirely on Cloudflare.
Created an AITM tool in a Serverless Function (Cloudflare Worker). Surprisingly, it only takes 174 lines of code to attack Microsoft tenants
We spotted this method is being used in the wild, decided to reproduce the attack
Blog:
7
60
186
2
19
105
🚨 BLACK FRIDAY Evilginx Mastery -40% SALE 🚨
👑 40% discount (biggest yet!)
⏰ Only 24 hours
Code: BLACKFRIDAY40SALE
Link:
Hurry! It's active only until tomorrow!
11
49
105
I will be proudly showing the first demo of Evilginx Pro in action tomorrow live on stream with Stephen. 🔥
Super excited about this! 🥳
Come and join us if you're interested! 🪝🐟
Join us this Friday at 11AM PT with
@mrgretzky
as he shares with us his latest work on Evilginx and MFA bypasses!
We will be giving away THREE free seats to Kuba's "Evilginx Mastery" course! For those who don't win, we'll provide a 20% discount code!
3
25
61
2
34
105
I am filled with pride & joy having heard Evilginx compared to Cobalt Strike, on the latest episode of Risky Business.
Huge thank you to
@jukelennings
from
@pushsecurity
for making this bold statement (and for pronouncing Evilginx properly! 😜)
Sorry, I could not help myself 😆
4
10
103
We're still waiting for the full video of my most recent talk to be uploaded, but in the meantime do enjoy the slides: 🎣
A Smooth Sea Never Made a Skilled Phisherman
@x33fcon
2024
3
24
102
On Friday, I made the first official live presentation of Evilginx Pro on the Off By One Security show hosted by
@Steph3nSims
👑
The live demo gods accepted the sacrifice and everything worked as planned throughout the whole one-and-a-half-hour stream 🥳
2
26
99
Merry Christmas everyone! ❄️☃️🎄
Wish you all the best and thank you for a great year! ✨️
Our friend
@mrgretzky
hooked us up with 12 Evilginx Mastery courses - making it the 12 days of Evilginx Xmas:)
Course details:
Comment below for a chance to win.
647
47
457
3
6
99
Google: We want to encrypt the cookies stored in the browser locally and save the encryption keys securely in the TPM, so that even installed malware will not be able to extract them to hijack your accounts.
Microsoft: Hold my beer 🍺
5
15
100
Seems like it is more profitable to exploit the existence of Evilginx to push advertising for your own security product, instead of implementing universal anti reverse-proxy measures to protect your customers and prevent such attacks from happening.
5
27
98
This is one of the very best Windows R&D posts I've read in a very long time, by
@ElliotKillick
🔥
I've always struggled with running payloads properly from DllMain due to LoaderLock limitations and it seems Elliot managed to solve it. 🤯
Link:
Perfect DLL Hijacking: It's now possible with the latest in security research. Building on previous insights from
@NetSPI
, we reverse engineer the Windows library loader to disable the infamous Loader Lock and achieve ShellExecute straight from DllMain. 🔍 Link in bio 🔗
15
302
836
1
35
98
Not sure how I missed this!
Luke Kavanagh (
@LJKavster
) has exhausted the topic on all the mitigations you can implement to protect your users from reverse proxy phishing 🔥🎣
Recommended reading not only if you are on the defense.
1
28
97
🚨 Evilginx Mastery Black Friday SALE is coming... tomorrow! 🔥
It will be the BIGGEST sale so far! 🤩
⏰ Sale will last only 24 hours.
4
18
95