Novel Evilginx Frontend - Lowering the barrier for token theft reuse
Uncovering an undocumented Microsoft 365 account takeover panel using Evilginx API integration for easy token reuse and account compromise.
Disclaimer: All research and opinions expressed here are my own and are independent of any employer or organisation.
Deep dive into malware analysis, threat hunting, blue team defense strategies, and red team techniques
A deep dive into a newly discovered C2 framework, Nexus C2 — its features, operational flaws, and the implications of AI-generated malware in the wild.
A look at hunting C2 frameworks in the wild, including identifying a previously unknown C2 framework.
A follow-up investigation mapping 1,337 phishing URLs across 326 workers.dev hostnames, confirming a PhaaS multi-tenant architecture, encrypted client-side payloads, and new lure variants targeting Adobe, DocuSign, and Outlook branding.
Uncovering a phishing campaign abusing Microsoft Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and Microsoft 365.