AiTM Phishing: How Attackers Bypass MFA and How to Stop Them
Adversary-in-the-Middle phishing silently proxies real login pages and steals session tokens — making MFA useless. Here's how it works and how to detect it.
6 articles
Adversary-in-the-Middle phishing silently proxies real login pages and steals session tokens — making MFA useless. Here's how it works and how to detect it.
Browser-in-the-Browser (BitB) attacks forge convincing browser popup windows using pure HTML and CSS — making phishing pages nearly impossible to spot by eye. Here's how it works and how to defend against it.
MFA is no longer enough to protect Microsoft Entra ID accounts. Attackers steal tokens, register their own devices, and bypass Conditional Access — without ever touching a password. Here's the full attack chain and how to detect it.
Windows .lnk shortcut files can show one target while silently executing another. Discover five spoofing techniques including CVE-2025-9491, how attackers exploit them, and how to detect them.
A step-by-step debrief of a real-world red team engagement — from passive OSINT through AiTM phishing, EDR evasion, and ADCS exploitation to full domain compromise. What worked, what didn't, and what would have stopped us.
We tear apart a realistic phishing email using Security Decoder — headers, URLs, JWT tokens, and obfuscated JavaScript — and show exactly what each red flag means.