creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d833f0eab9efd8b4d045d9f2142be20683066eec
Anthropic-Cybersecurity-Skills/skills/performing-initial-access-with-evilginx3/references/workflows.md
T

61 lines
2.1 KiB
Markdown
Raw Blame History

# Workflows - EvilGinx3 Initial Access
## End-to-End AiTM Phishing Workflow
```
1. Reconnaissance
├── Identify target authentication service (M365, Google, Okta)
├── Analyze target MFA implementation (SMS, Authenticator, FIDO2)
├── Register lookalike domain with appropriate TLD
└── Categorize domain to avoid URL filtering
2. Infrastructure Setup
├── Deploy VPS and configure DNS records
├── Install and configure EvilGinx3
├── Enable phishlet for target service
├── Verify SSL certificate provisioning
└── Create and test lure URLs
3. Phishing Delivery
├── Craft pretext email with social engineering
├── Configure GoPhish or SMTP relay for delivery
├── Send phishing emails to authorized targets
└── Monitor delivery and open rates
4. Credential and Session Capture
├── Monitor EvilGinx3 session dashboard
├── Capture credentials as victims authenticate
├── Capture session cookies (MFA bypass tokens)
└── Export session data for exploitation
5. Session Hijacking
├── Import session cookies into attacker browser
├── Navigate to target service with hijacked session
├── Validate access to victim's account
└── Enumerate accessible resources
6. Persistence and Escalation
├── Create application-specific passwords
├── Register attacker device in Azure AD / Entra ID
├── Add OAuth application consents
└── Establish email forwarding rules for persistence
7. Reporting
├── Document attack chain with evidence
├── Record number of successful captures
├── Identify defensive gaps exploited
└── Provide remediation recommendations
```
## Cookie Import Workflow
```
1. From EvilGinx3 session output, copy cookie data
2. Open browser with Cookie-Editor extension
3. Navigate to target service login page
4. Clear existing cookies for the domain
5. Import captured cookies via Cookie-Editor
6. Refresh the page to obtain authenticated session
7. Verify access to victim's account
```
Reference in New Issue View Git Blame Copy Permalink