Overview
Learn about reverse proxy phishing attacks and evolving defense mechanisms in this 33-minute conference talk from x33fcon. Explore the inner workings of Evilginx, a tool that has been at the forefront of MFA bypass attacks for the past six years. Discover how these attacks circumvent multi-factor authentication, examine what users experience during an attack, and understand why current web security measures have struggled to counter this threat effectively. Delve into practical defense strategies including JavaScript detections, dynamic code obfuscation, string obfuscation, and the implementation of secret tokens. Follow along with demonstrations and code examples showing basic protection mechanisms, with special attention to Google's approach to making secret tokens unspoofable. Master essential knowledge for defending against sophisticated phishing attacks that continue to pose significant risks to organizational security.
Syllabus
Introduction
About me
About Evilginx
How does it work
What does the user see
How to bypass multifactor authentication
What can be done
The Phishing Domain
JavaScript Detections
How Evilginx Works
Dynamic Code Obfuscation
String Obfuscation
Summary
Secret Tokens
Basic Protection Code
Google
Secret tokens unspoofable
Demo
Recap
Taught by
x33fcon