Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through convers...
Episode SummaryIn this episode, we dive into the sophisticated world of phishing attacks with Kuba Gretzky, creator of the renowned Evilginx framework. He shares insights on how Evilginx operates as a reverse proxy, capturing authentication tokens in real-time, and discusses the ethical considerations of creating such a powerful tool. Most importantly, Kuba provides valuable guidance on protection strategies that organizations can implement to defend against these advanced phishing techniques.Chapters00:00 - Introduction to Kuba and Evilginx- Creator of Evilginx, a phishing framework demonstrating MFA vulnerabilities- 15+ years in cybersecurity, started with MMO game hacking- Transitioned through reverse engineering to cybersecurity02:03 - Understanding Phishing Fundamentals- Phishing presents fake sign-in pages to capture user credentials- Even 7-year-olds now learn about phishing dangers in school03:39 - How Evilginx Works Technically- Functions as a reverse proxy between user and legitimate server- Creates dual TLS connections to intercept all communications- Captures authentication tokens for complete account takeover05:55 The Evolution of Phishing Tools- Evolved from experiments with cookie manipulation- Improved upon older tools that required malware installation- Developed from Nginx with Lua scripting to standalone Go application10:37 Evilginx's Impact and Popularity- Gained traction through demonstrating MFA vulnerabilities- Creates "shock factor" when users see how easily accounts are compromised- Emerged alongside other tools but distinguished by ease of demonstration12:25 Real-World Phishing Examples- Sophisticated attacks use browser-in-browser techniques- High-profile victims include Linus Tech Tips YouTube channel- Attackers leverage urgency and fear to bypass security awareness16:23 Protecting Against Evilginx Attacks- Implement domain verification checks through JavaScript- Deploy "shadow tokens" with browser fingerprinting- Utilize conditional access policies and FIDO2/passkeys22:57 - Detecting Evilginx Attacks- HTTP header inspection can identify attack signatures- TLS fingerprinting (JA4) detects unusual connection patterns- Cloudflare and other services block suspicious proxy connections27:33 - User Education and Psychological Factors- Focus on recognizing psychological triggers like urgency- Reward reporting rather than punishing victims- Teach users to access websites directly rather than through email links31:01 - Ethical Considerations and Responsible Development- Implemented vetting process for Evilginx Pro access- Built anti-cracking protections to prevent misuse- Created trusted community for responsible information sharing36:43 - Future Developments and Evilginx Pro- New client-server architecture with API for automation- Features include bot protection and shadow token bypass capabilities- Established BreakDev as company with plans for security software platformKey Takeaways- Modern phishing attacks like those enabled by Evilginx can bypass MFA by acting as a proxy in real-time.- The strongest protections include device compliance, FIDO2/passkeys, and domain verification checks.- Organizations should implement conditional access policies that verify device identity, not just user identity.- User education should focus on recognizing urgency tactics rather than just checking URLs.- Shadow tokens that include browser fingerprinting and domain information show promise as protection methods.- Ethical security tools require responsible handling - vetting processes to help prevent misuse.- Security awareness demonstrations with tools like Evilginx help stakeholders understand risks and invest in protections.Key LinksBREAKDEV Blog → breakdev.orgEvilginx Pro → evilginx.comEvilginx Mastery Course → academy.breakdev.org/evilginx-mastery Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
53:46
From Okta to Entra: Migrating 700 Apps in 90 Days
In this very first episode of the Entra Chat podcast I sat down with Ben Wolfe, my former manager and ex-Microsoft, who is now the Head of Security Solutions at Increment. How to get in touch with Ben: Ben Wolfe - https://www.linkedin.com/in/benjaminwillwolfe/ Increment - https://www.increment.inc/ Mentions during the episode: Graph X-Ray - https://graphxray.merill.net/ Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches.
Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily.
Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions.
Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.
---
Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news
UK