Evilginx Pro Course Curriculum

Entire curriculum is publicly available for viewing

    1. [Student Only] - Linkedin Phishlet (Evilginx 3.0.0)

    2. Evilginx3 Working Updated Phishlets

    3. Evilginx2 Legacy Phishlet Collection

    4. Master Password List for Hashing (2023)

    5. Evilginx & Evilproxy Master Keyword List

    6. HTML Email Template Creation Tool - FishMailer

    7. Email Phishing Study - What You See is Not What You Get (University of Auckland Conference)

    8. Custom DNS Blocklists for Evilginx3

    9. 2023 Defcon Phishing Report by Industry

    10. Cybercriminals Continue to Exploit Human Nature Through Phishing and Spam Attacks (PDF)

    11. Interview with Creator Kuba Gretzky (June 2023)

    12. Evilginx 3.2.0 Phishlet Template (.yaml)

    13. Bash script to install evilginx3 on a Ubuntu Linux (Advanced Users only)

    14. (11-13) Evilginx3 Linkedin Phishlet

    15. Advanced Users Only: Evilginx3 Linkedin Phishlet (with EvilPuppet)

    16. Crowdstrike Falcon2 Ransomware Report Testing Presentation (Highly Informative)

    17. (Webinar Replay) Modern MITM Attack Process Deep Dive with Evilginx3 on Microsoft365

    1. Student Experience Level Survey

    2. Evilginx Pro Masterclass Learning Structure

    3. Disclaimer: Ethical & Legal Implications

    4. Why should you take this course & who is it for?

    5. Evilginx Professional Masterclass Agenda

    6. Course Introduction

    1. Brief History of Phishing: Why Username & Password no longer works

    2. The Death of Password Phishing: Why MFA Killed Old-School Attacks

    3. Reverse Proxy Workflow (Simplified)

    4. What is a MITM Reverse-Proxy Attack? (Hotel Wifi Visualization)

    5. RockYou: Largest Ever Password Compilation Leaked

    1. Introduction to Evilginx3

    2. Evilginx Workflow

    3. Evilginx Simple Explanation

    4. Evilginx Quiz

    1. Configuring our Virtual Private Server with DigitalOcean

    2. Domain Selection with URLcrazy & DNStwist

    3. Domain Setup

    4. Installing Requirements: Go, GIT & Software Updates

    5. Evilginx Version Check + Installing Cookie Editor & Local Storage Extensions

    6. Installing Requirements Go, GIT & Software Updates (Code)

    7. Evilginx Step by Step Environment Setup Quiz

Evilginx Pro Masterclass: Bypassing Multí-Factor Authentícation with Evílginx3

  • $69.99
  • 92 lessons


Our course recommended by expert Jan Bakker

Rencora Cybersecurity

Our Evilginx Pro Masterclass recommended by Rencora's Staff

Recommended by Maltego's ‎Executive Summary‎

Our Evilginx Pro Masterclass Recommended by Maltego


Our new Evilginx Phishlets were used during SOCRadar's latest "Evil of Everything" Security Penetration Test & Showcase

Our Evilginx3 Phishlet Repository

Our Phishlets have been used by thousands of users & teams around the world.

Course Reviews

See what industry professionals about our education


Answering your questions about payments, course content & more.

  • Why should I enroll in this course?

    Our Evilginx Pro Masterclass is mainly focused on the actual usage & deployment of Evilginx within the context of a full attack engagement step by step. We teach you the real best practices for a systematic framework for all modern campaigns. If you want a no bullshit straight-to-the-point course on Evilginx, this course is for you. We see no point in wasting time running around trying to piece together unclear Youtube videos & random blog posts to learn how to use these tools.

  • What specific phishing techniques and scenarios are covered in the course?

    The course covers phishing techniques like credential harvesting, session hijacking, transparent reverse proxying, multi-stage engagement flows, social engineering frameworks. Scenarios are modeled after real-world tests.  Everything is updated to its current version as well.

  • Why should I choose this course over others for learning about Evilginx & cybersecurity?

    This course was created is to give everyone access to this information in a non-expensive & understandable way. I was tired of seeing these the majority of companies charging $500+ for a shitty training, teaching it in a way that's not clear & only advanced users can understand. They make learning cybersecurity so much harder than it needs to be. This course teaches how to use the latest version Evilginx for realistic phishing attacks through hands-on labs in the simplest way with lots of support & help. The point is to give value to students around the world who may not have the means or resources to access said information.

  • I'm new to cybersecurity. Is this course suitable for me?

    The course begins with foundational concepts, making it accessible to beginners. Advanced lessons build on this foundation for a comprehensive learning experience.

  • Do you accept cryptocurrency payments?

    Yes. We understand that exchange rates may be high for students in other countries. We use Coinbase Commerce API for our invoices & all of our transactions are recorded on live.blockcypher.com for full transparency. Here is our crypto payment link: https://commerce.coinbase.com/checkout/c3eb5b91-3301-4c3c-94d3-4496fd75420a

  • Do you teach how emails get directly to the primary inbox?

    Yes, our course provides insights & examples on how emails circumvent modern filters to land directly in a user's primary inbox. We put you in the driver's seat to grasp this perspective. We delve into techniques like spam bypassing, the role of SMTP, and URL hiding.  Providing firsthand exposure to phishing emails, we aim to hone your defensive skills and enhance awareness, aiding you in promptly detecting and countering cybersecurity threats.

  • Can I access the course material after completion?

    Yes, students will have lifetime access to the course material, including any future updates.

  • Why do my emails always go to spam folder? Can you help with that?

    This is a very common question. Emails often land in spam due to things like flagged content or certain keywords. We go through & teach you how real-life examples of how emails bypass filters & improve deliverability. I show my process & tools I use as a red teamer to get my campaigns delivered without issues.

  • What if I ignore the ethical guidelines discussed in the course?

    The content of this course is highly potent; misuse can trigger significant legal repercussions. Seriously. It's imperative to adhere to ethical conduct; any misuse absolves all liabilities for resulting damages. Seriously. Don't use this information for bad.

Huges Thanks to our Enrollments & Sponsors!

Y Combinator Simpler Hacking Sponsor
Udemy Teacher on Simpler Hacking
Coursera Education Sponsor for SimplerHacking.com