Evilginx Professional Masterclass

Evilginx Professional Masterclass (2024)

Designed for both beginners & advanced users, our course will teach you everything you need to master Evilginx reverse-proxy phishing, bypassing MFA, setting up your server for engagements, sending emails for campaigns, delivering lures to priority inbox, as well as post-engagement best practices & bonus tools + resources.

Buy Now

Evilginx Professional Masterclass Course Curriculum

Master Modern Enterprise Phishing

1. (Update: 2024) User Camera, Location & OS Hijacking Tool (Evilginx Add-on)
2. Linkedin Phishlet (Evilginx 3.0.0)
3. Evilginx3 Updated Phishlets
4. Evilginx2, Evilginx3 Legacy Phishlet Collection (2016-2024)
5. Password List for Hashing (2024)
6. Evilginx & EvilProxy Master Keyword List
7. Custom DNS Blocklists for Evilginx3
8. 2023 Defcon Phishing Report by Industry
9. Interview with Creator Kuba Gretzky (June 2023)
10. Evilginx 3.2.0 Phishlet Template (.yaml)
11. Bash script to install evilginx3 on a Ubuntu Linux (Advanced Users only)
12. Evilginx3 Linkedin Phishlet
13. Evilginx3 Linkedin Phishlet (with EvilPuppet)
14. Crowdstrike Falcon2 Ransomware Report Testing Presentation (Highly Informative)
15. (Webinar Replay) Modern MITM Attack Process Deep Dive with Evilginx3 on Microsoft365
1. New Student Welcome Survey
2. Follow Simpler Hacking on Linkedin!
3. Evilginx Pro Masterclass Learning Structure
4. Disclaimer: Ethical & Legal Implications
5. Why should you take this course & who is it for?
6. Evilginx Professional Masterclass Agenda
7. Important Notice to All Students: Course Guidelines
8. Course Introduction
1. What is a MITM Reverse-Proxy Attack? (Salesforce AITM Attack Visualization Demo)
2. Reverse Proxy Workflow (Simplified)
3. Brief History of Phishing: Why Username & Password no longer works
4. The Death of Password Phishing: Why MFA Killed Old-School Attacks
5. RockYou2023: Largest Ever Password Compilation Leaked
1. Introduction to Evilginx3
2. Evilginx Workflow
3. Evilginx Simple Explanation
4. Evilginx Quiz
1. Creating & Configuring our Virtual Private Server with DigitalOcean
2. Domain Selection with URLcrazy & DNStwist
3. How to Find & Generate the Perfect Phishing Domain for Evilginx3
4. Domain Setup
5. Installing Requirements: Go, GIT & Software Updates
6. Evilginx Version Check + Installing Cookie Editor & Local Storage Extensions
7. Installing Requirements Go, GIT & Software Updates (Code)
8. Evilginx Step by Step Environment Setup Quiz
9. (Optional Troubleshooting) Failed to start on nameserver on: 53 error message
1. Installing Evilginx3
2. Installing Evilginx3 (Code)
3. Evilginx Commands
4. Best Practices: User Privileges
5. Phishlet Commands
6. Main Commands Review
1. Evilginx Phishlets Explained
2. Phishlet Creation Commands
3. Comparing Evilginx2 & Evilginx3
4. Evilginx2 Legacy Phishlets
5. Evilginx 3.0 Phishlet (Blank Script Template)
6. Evilginx 3.2 Phishlet (Blank Walkthrough Script Template #2) - Updated
7. Evilginx 3.2 Phishlet (Blank Walkthrough Script Template #3) - Updated
1. Session Tokens vs. Cookies
2. Understanding Cookies & Sessions Tokens
3. Banking System: Cookies & Session Tokens Explained
4. Authenticated Sessions Visualized
5. Session Tokens and Cookie Management Explained Quiz
1. Live Phishing Attack on Microsoft 365 Engagement Roadmap
2. Custom Evilginx3 Microsoft Phishlet (Updated)
3. Creating New Phishlet & Importing .YAML code with Nano Command
4. Configuring IP Address, Domain, Hostname
5. Config IP Address, Domain, Hostname.pdf
6. Capturing Username, Password & Session Tokens
7. How to Use Evilginx to Bypass Modern Multi-Factor Authentication
8. Debugging & Troubleshooting Help
9. Evilginx3 Attack Engagement (Full Comprehensive Review)
10. Bonus Demo - Evilginx 3.2 Microsoft Attack #2 - Comprehensive Guide from Both The User & Attacker Perspective
1. Utilizing Blacklist Command in Evilginx3
2. Evilginx & OPSEC Best Practices
3. Top Level Domain Tools (TLDs) & Clever Hostnames
4. Introducing EvilGoPhish 3
1. (!) Recommendation: Installing & Running Evilginx Before Completing This Section
2. (!) Putting the Pieces Together
3. (!) Choosing Email Service for Gophish (2024 Updated)
4. (!) Warming up the Domain Before Sending
5. GoPhish Setup: Installation
6. Gophish Installation.pdf
7. Setting a New Password & Launching GoPhish Admin Panel via Web Browser
8. Setting up SMTP, Email Templates, Landing Page, Launching Campaign
9. HTML Email Template Creation Tool - FishMailer
10. GoPhish Responsive HTML Email Template Creator for Evilginx3 Lures
11. Custom GoPhish Templates & Hooks (Updated)
1. Configuring Autosneakphish for Advanced Email Bypass
2. (Bonus) How to get AI & ChatGPT to Write GoPhish Email Templates ft. Marcus
1. Post Engagement 101
2. Hiding Phishlets & Nuking the VPS
3. Tracking Phishing KPIs & Analyzing Results
1. Mitigation Techniques Introduction
2. Defensive Strategies Against MITM Attacks & Evilginx
3. Evilginx Mitigation - How to Setup & Use Yubikey with Google MFA
4. Cybercriminals Continue to Exploit Human Nature Through Phishing and Spam Attacks (PDF)
1. AI & Machine Learning Mitigation (Nvidia)
2. Using Palo Alto Network Prisma for Evilginx Phishing Threat Detection
1. Course Conclusion
1. Phishlet Developer Program Course Introduction
2. Evilginx Phishlet Development Course Preview (Coming Soon)
3. (11-20 UPDATE) Evilginx Phishlet Developer Program (Slides & Content Preview Update)

Evilginx Professional Masterclass: Bypassing Multí-Factor Authentícation with Evílginx3

$69.99
99 lessons
Course

Student Testimonials & Reviews

What others think about our course?

“If you're a cybersecurity student or on a tight budget, consider the Evilginx Pro Masterclass from Simpler Hacking to learn all about Evilginx. Took the course yesterday, and it has all the content to get you started on your engagements.”

Jan Bakker - www.JanBakker.tech

“It covers everything about Evilginx3 on how to use the tool for both offensive & defensive purposes. The sections on advanced customization & making sure the lure emails get delivered via SMTP services were very useful for real-world application. Its also much easier to understand than other Cybersecurity courses I have taken previously on sites like Pluralsight or MIT Research.”

Rencora Sec - Rencora.com

“Thanks to @mrgretzky and @simplerhacking for making 2 of the best Phishing courses of the year!!! ”

Brigade SH

“Hi, @simplerhacking I just wanted to let know that I appreciate you creating a quality affordable option for Evilginx education! ”

Waren Alan - Beloha2e @ Github Spain

“This introductory course teaches how to leverage adversary-in-the-middle attacks with a similar tool called Evilginx to compromise accounts, intercept traffic, and bypass security mechanisms. Students get access to an Evilginx lab environment, custom phishlets & bonus resources enhance your knowledge. ”

Maltego for Enterprise - Learning And Training

Frequently Asked Questions (FAQs)

Crypto Payments, Course Content, Best Practices

Do you accept cryptocurrency payments?

Yes. Most students prefer to pay with cryptocurrency. All that is required is an email address to send the course to. [email protected] & Cee (Support) or SH (Founder) will reach out to you via email.
Why should I enroll in this course?

Our Evilginx Pro Masterclass is mainly focused on the actual usage & deployment of Evilginx within the context of a full attack engagement step by step. If you want a no bullshit straight-to-the-point course on Evilginx, this course is for you. We see no point in wasting time running around trying to piece together unclear Youtube videos & random blog posts to learn how to use these tools.
I'm new to cybersecurity. Is this course suitable for me?

Yes! The course begins with foundational concepts, making it accessible to beginners and all skill levels. No programming experience is required to take this course. Everything is broken down into the simplest of terms. (i.e. Simpler Hacking)
What specific phishing techniques and scenarios are covered in the course?

The course covers phishing techniques like credential harvesting, session hijacking, transparent reverse proxying, multi-stage engagement flows, social engineering frameworks. Scenarios are modeled after real-world tests. Everything is updated to its current version as well.
Why should I choose this course over others for learning about Evilginx & cybersecurity?

This course was created is to give everyone access to this information in a non-expensive & understandable way. I was tired of seeing these the majority of companies charging $500+ for a shitty training, teaching it in a way that's not clear & only advanced users can understand. The point is to give value to students around the world who may not have the means or resources to access said information.
Do you teach how emails get directly to the primary inbox?

Yes, our course provides insights & examples on how emails circumvent modern filters to land directly in a user's primary inbox. We put you in the driver's seat to grasp this perspective. We delve into techniques like spam bypassing, the role of SMTP, and URL hiding. Providing firsthand exposure to phishing emails, we aim to hone your defensive skills and enhance awareness, aiding you in promptly detecting and countering cybersecurity threats.
Can I access the course material after completion?

Yes, students will have lifetime access to the course material, including any future updates.
Where can I find Phishlets?

Our phishlets can be found on https://github.com/simplerhacking/Evilginx3-Phishlets
What if I ignore the ethical guidelines discussed in the course?

It's imperative to adhere to ethical conduct; any misuse absolves all liabilities for resulting damages. Seriously. Do not use this information for bad.