denniskniep / DeviceCodePhishingLinks
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the authentication page. No authentication method, not even FIDO, is able to protect against this type of attack.
☆165Updated 3 months ago
Alternatives and similar repositories for DeviceCodePhishing
Users that are interested in DeviceCodePhishing are comparing it to the libraries listed below
Sorting:
- ☆203Updated last month
- A Python POC for CRED1 over SOCKS5☆151Updated 10 months ago
- ☆156Updated 6 months ago
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆229Updated 2 months ago
- Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)☆190Updated 10 months ago
- ☆66Updated 2 months ago
- Python utility that generates "imageless" QR codes in various formats☆125Updated 11 months ago
- ☆208Updated last year
- Azure Post Exploitation Framework☆203Updated 5 months ago
- Living off the land searches for explorer and sharepoint☆89Updated 3 months ago
- LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment…☆237Updated 2 weeks ago
- pysnaffler☆100Updated 3 weeks ago
- Weaponizing DCOM for NTLM Authentication Coercions☆262Updated last month
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆115Updated last year
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆157Updated last year
- A Python based tool to convert custom queries from Legacy BloodHound to BloodHound CE format, with the option to directly upload them to …☆32Updated 6 months ago
- SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆112Updated last week
- Generate and Manage KeyCredentialLinks☆160Updated 2 weeks ago
- Bounces when a fish bites - Evilginx database monitoring with exfiltration automation☆177Updated last year
- OAuth Device Code Phishing Toolkit☆65Updated 3 months ago
- ☆220Updated 9 months ago
- ☆101Updated 3 weeks ago
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆181Updated 11 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆237Updated 5 months ago
- Parses Snaffler output file and generate beautified outputs.☆106Updated 6 months ago
- ☆140Updated 3 months ago
- Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements.☆80Updated this week
- Automating the MITM attack on WSUS☆257Updated 3 weeks ago
- Malware As A Service☆134Updated last year
- PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph☆180Updated this week