Evilginx Professional Masterclass

This comprehensive course focuses on deploying Evilginx for dynamic phishing scenarios, students will master the nuances reverse-proxy phishing, email protocols (SPF, DMARC, DKIM), content obfuscation, and executing attacks that effectively evade security measures, ensuring a comprehensive grasp of modern attacks along with a vast archive of custom tools & templates to aid your campaigns.

Buy Now Free Preview

Evilginx Pro Course Curriculum

Entire curriculum is publicly available for viewing

1. [Student Only] - Linkedin Phishlet (Evilginx 3.0.0)
2. Evilginx3 Working Updated Phishlets
3. Evilginx2 Legacy Phishlet Collection
4. Master Password List for Hashing (2023)
5. Evilginx & Evilproxy Master Keyword List
6. HTML Email Template Creation Tool - FishMailer
7. Email Phishing Study - What You See is Not What You Get (University of Auckland Conference)
8. Custom DNS Blocklists for Evilginx3
9. 2023 Defcon Phishing Report by Industry
10. Cybercriminals Continue to Exploit Human Nature Through Phishing and Spam Attacks (PDF)
11. Interview with Creator Kuba Gretzky (June 2023)
12. Evilginx 3.2.0 Phishlet Template (.yaml)
13. Bash script to install evilginx3 on a Ubuntu Linux (Advanced Users only)
14. (11-13) Evilginx3 Linkedin Phishlet
15. Advanced Users Only: Evilginx3 Linkedin Phishlet (with EvilPuppet)
16. Crowdstrike Falcon2 Ransomware Report Testing Presentation (Highly Informative)
17. (Webinar Replay) Modern MITM Attack Process Deep Dive with Evilginx3 on Microsoft365
1. Evilginx Pro Masterclass Comprehensive Course Preview
  FREE PREVIEW
1. Student Experience Level Survey
  FREE PREVIEW
2. Evilginx Pro Masterclass Learning Structure
  FREE PREVIEW
3. Disclaimer: Ethical & Legal Implications
  FREE PREVIEW
4. Why should you take this course & who is it for?
5. Evilginx Professional Masterclass Agenda
6. Course Introduction
1. Brief History of Phishing: Why Username & Password no longer works
2. The Death of Password Phishing: Why MFA Killed Old-School Attacks
3. Reverse Proxy Workflow (Simplified)
4. What is a MITM Reverse-Proxy Attack? (Hotel Wifi Visualization)
5. RockYou: Largest Ever Password Compilation Leaked
1. Introduction to Evilginx3
2. Evilginx Workflow
3. Evilginx Simple Explanation
4. Evilginx Quiz
1. Configuring our Virtual Private Server with DigitalOcean
2. Domain Selection with URLcrazy & DNStwist
3. Domain Setup
4. Installing Requirements: Go, GIT & Software Updates
5. Evilginx Version Check + Installing Cookie Editor & Local Storage Extensions
6. Installing Requirements Go, GIT & Software Updates (Code)
7. Evilginx Step by Step Environment Setup Quiz
1. Installing Evilginx3
2. Installing Evilginx3 (Code)
3. Evilginx Commands
4. Best Practices: User Privileges
5. Phishlet Commands
6. Main Commands Review
1. Evilginx Phishlets Explained
2. Phishlet Creation Commands
3. Comparing Evilginx2 & Evilginx3
4. Evilginx2 Legacy Phishlets
5. Evilginx 3.0 Phishlet (Blank Script Template)
1. Session Tokens vs. Cookies
2. Understanding Cookies & Sessions Tokens
3. Banking System: Cookies & Session Tokens Explained
4. Authenticated Sessions Visualized
5. Session Tokens and Cookie Management Explained Quiz
1. Live Phishing Attack on Microsoft 365 Engagement Roadmap
2. Custom Evilginx3 Microsoft Phishlet (Updated)
3. Creating New Phishlet & Importing .YAML code with Nano Command
4. Configuring IP Address, Domain, Hostname
5. Config IP Address, Domain, Hostname.pdf
6. Capturing Username, Password & Session Tokens
7. Bypassing Modern Multi-Factor Authentication
8. Debugging & Troubleshooting Help
9. Evilginx3 Attack Engagement Full Review
10. Evilginx3 Microsoft Attack #2 - Comprehensive Guide from Both The User & Attacker Perspective
1. Utilizing Blacklist Command in Evilginx3
2. Evilginx & OPSEC Best Practices
3. Top Level Domain Tools (TLDs) & Clever Hostnames
4. Introducing EvilGoPhish 3
1. (!) Putting the Pieces Together
2. (!) Choosing Email Service for Gophish
3. (!) Warming up the Domain Before Sending
4. GoPhish Setup: Installation
5. Gophish Installation.pdf
6. Setting a New Password & Launching GoPhish Admin Panel via Web Browser
7. Setting up SMTP, Email Templates, Landing Page, Launching Campaign
8. (Bonus) Using AI & ChatGPT to Write GoPhish Email Templates ft. Marcus
9. GoPhish Responsive HTML Email Template Creator
10. Custom GoPhish Templates & Hooks
1. Post Engagement 101
2. Hiding Phishlets & Nuking the VPS
3. Tracking Phishing KPIs & Analyzing Results
1. Mitigation Techniques Introduction
2. Defensive Strategies Against MITM Attacks & Evilginx
3. Evilginx Mitigation - How to Setup & Use Yubikey with Google MFA
1. AI & Machine Learning Mitigation (Nvidia)
2. Using Palo Alto Network Prisma for Phishing Threat Detection
1. Course Conclusion
1. Phishlet Development Course Introduction
2. (11-20 UPDATE) Evilginx Phishlet Programming Course (Slides & Content Preview Update)
3. Evilginx Phishlet Development Course Preview

Evilginx Pro Masterclass: Bypassing Multí-Factor Authentícation with Evílginx3

$69.99
92 lessons

Reviews

Our course recommended by expert Jan Bakker

Rencora Cybersecurity

Our Evilginx Pro Masterclass recommended by Rencora's Staff

Read Article

Recommended by Maltego's ‎Executive Summary‎

Our Evilginx Pro Masterclass Recommended by Maltego

SOCRadar

Our new Evilginx Phishlets were used during SOCRadar's latest "Evil of Everything" Security Penetration Test & Showcase

Our Evilginx3 Phishlet Repository

Our Phishlets have been used by thousands of users & teams around the world.

Course Reviews

See what industry professionals about our education

FAQ

Answering your questions about payments, course content & more.

Why should I enroll in this course?

Our Evilginx Pro Masterclass is mainly focused on the actual usage & deployment of Evilginx within the context of a full attack engagement step by step. We teach you the real best practices for a systematic framework for all modern campaigns. If you want a no bullshit straight-to-the-point course on Evilginx, this course is for you. We see no point in wasting time running around trying to piece together unclear Youtube videos & random blog posts to learn how to use these tools.
What specific phishing techniques and scenarios are covered in the course?

The course covers phishing techniques like credential harvesting, session hijacking, transparent reverse proxying, multi-stage engagement flows, social engineering frameworks. Scenarios are modeled after real-world tests. Everything is updated to its current version as well.
Why should I choose this course over others for learning about Evilginx & cybersecurity?

This course was created is to give everyone access to this information in a non-expensive & understandable way. I was tired of seeing these the majority of companies charging $500+ for a shitty training, teaching it in a way that's not clear & only advanced users can understand. They make learning cybersecurity so much harder than it needs to be. This course teaches how to use the latest version Evilginx for realistic phishing attacks through hands-on labs in the simplest way with lots of support & help. The point is to give value to students around the world who may not have the means or resources to access said information.
I'm new to cybersecurity. Is this course suitable for me?

The course begins with foundational concepts, making it accessible to beginners. Advanced lessons build on this foundation for a comprehensive learning experience.
Do you accept cryptocurrency payments?

Yes. We understand that exchange rates may be high for students in other countries. We use Coinbase Commerce API for our invoices & all of our transactions are recorded on live.blockcypher.com for full transparency. Here is our crypto payment link: https://commerce.coinbase.com/checkout/c3eb5b91-3301-4c3c-94d3-4496fd75420a
Do you teach how emails get directly to the primary inbox?

Yes, our course provides insights & examples on how emails circumvent modern filters to land directly in a user's primary inbox. We put you in the driver's seat to grasp this perspective. We delve into techniques like spam bypassing, the role of SMTP, and URL hiding. Providing firsthand exposure to phishing emails, we aim to hone your defensive skills and enhance awareness, aiding you in promptly detecting and countering cybersecurity threats.
Can I access the course material after completion?

Yes, students will have lifetime access to the course material, including any future updates.
Why do my emails always go to spam folder? Can you help with that?

This is a very common question. Emails often land in spam due to things like flagged content or certain keywords. We go through & teach you how real-life examples of how emails bypass filters & improve deliverability. I show my process & tools I use as a red teamer to get my campaigns delivered without issues.
What if I ignore the ethical guidelines discussed in the course?

The content of this course is highly potent; misuse can trigger significant legal repercussions. Seriously. It's imperative to adhere to ethical conduct; any misuse absolves all liabilities for resulting damages. Seriously. Don't use this information for bad.