denniskniep / DeviceCodePhishingLinks
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the authentication page. No authentication method, not even FIDO, is able to protect against this type of attack.
☆181Updated 3 months ago
Alternatives and similar repositories for DeviceCodePhishing
Users that are interested in DeviceCodePhishing are comparing it to the libraries listed below
Sorting:
- Malware As A Service☆135Updated last year
- Weaponizing DCOM for NTLM Authentication Coercions☆275Updated 6 months ago
- ☆229Updated 6 months ago
- A Python POC for CRED1 over SOCKS5☆161Updated last year
- OAuth Device Code Phishing Toolkit☆102Updated 3 months ago
- ☆181Updated 2 weeks ago
- ☆161Updated 11 months ago
- Python utility that generates "imageless" QR codes in various formats☆133Updated last year
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆164Updated last year
- Group Policy Objects manipulation and exploitation framework☆283Updated 3 weeks ago
- Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)☆205Updated last year
- pysnaffler☆108Updated 4 months ago
- ☆215Updated last year
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆119Updated last year
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆219Updated last year
- The DCERPC only printerbug.py version☆184Updated 2 months ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆144Updated last year
- Azure Post Exploitation Framework☆243Updated 2 months ago
- Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit☆164Updated last year
- Bounces when a fish bites - Evilginx database monitoring with exfiltration automation☆184Updated last year
- Generate and Manage KeyCredentialLinks☆180Updated 2 months ago
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆253Updated last month
- Hybrid AD utilities for ROADtools☆102Updated 7 months ago
- SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆154Updated 5 months ago
- Living off the land searches for explorer and sharepoint☆92Updated 3 weeks ago
- ☆188Updated last year
- A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims …☆97Updated last year
- Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"�☆146Updated last year
- Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares☆190Updated 2 years ago
- ☆154Updated 9 months ago