MFA Slipstream - Phishing MFA PoC Walkthrough

by DG under phishing, pentesting, se
MFA Slipstream PoC MFA Slipstream is a Proof of Concept (PoC) I put together a few months ago while on a phishing engagement. It uses JavaScript and a Python back-end to collect a target's username and password, as well as multi-factor authentication token. I say PoC and not tool, because there are some obvious features missing from the PoC's current state, like: the ability to clone a site and stitch in the necessary JavaScript (this is done by hand), or the ability to scale better by some type of user session/state. At its core the MFA Slipstream tool is
Read More

Phishing Your Way Past MFA

by DG under infosec, phishing, cyber
Hello there! My demo and explanation of phishing multi-factor authentication credentials can be found here: OpenSky Corp Blog - Phishing Your Way Past Multi-Factor Authentication Check back here ( or on twitter for updates regarding the PoC tool used for the attack demonstration in the blog post below. I'm planning on doing a detailed code walk-through. The tool will be available on GitHub here. The code walkthrough for the PoC for phishing multi-factor authentication has been posted here:
Read More