# Standards and References - EvilGinx3 Initial Access

## MITRE ATT&CK References

| Technique ID | Name | Tactic |
|-------------|------|--------|
| T1566.002 | Phishing: Spearphishing Link | Initial Access |
| T1557 | Adversary-in-the-Middle | Credential Access |
| T1539 | Steal Web Session Cookie | Credential Access |
| T1078 | Valid Accounts | Initial Access, Persistence |
| T1556 | Modify Authentication Process | Credential Access |
| T1550.004 | Use Alternate Authentication Material: Web Session Cookie | Lateral Movement |

## Industry Standards

- **PTES** - Pre-Engagement and Intelligence Gathering phases
- **OWASP Testing Guide** - Authentication Testing
- **NIST SP 800-63B** - Digital Identity Guidelines: Authentication
- **CISA Advisory AA22-277A** - Threat Actors Exploiting MFA Bypass Techniques

## Official Resources

- EvilGinx Project: https://github.com/kgretzky/evilginx2
- GoPhish: https://getgophish.com/
- EvilGoPhish: https://github.com/fin3ss3g0d/evilgophish
- Certificate Transparency Logs: https://crt.sh

## Research Papers

- Microsoft Storm-1167 AiTM Phishing Campaign Analysis (2023)
- Deepwatch: Catching the Phish - Detecting Evilginx & AiTM
- BDO Security: MFA-Phishing as Initial Access in Red Teaming