From Evilginx2 to Session Hijacking: Building a Phishing Lab & Detection Rules

Session hijacking has evolved beyond traditional cookie theft. With Adversary-in-the-Middle (AitM) phishing kits like Evilginx2, attackers can intercept credentials and session tokens in real-time, bypassing even strong MFA solutions. In this hands-on guide, we’ll build a controlled lab environment, execute a full phishing campaign, and develop detection rules to identify these attacks. Understanding the Threat Evilginx2 is a man-in-the-middle proxy framework that sits between the victim and the legitimate website. Unlike traditional phishing, it:...

February 18, 2026 · 6 min · Anass

Session Hijacking 2.0: Emerging Threats and Defenses

Introduction In today’s rapidly evolving cybersecurity landscape, attackers have found new ways to bypass multi-factor authentication (MFA) and compromise user sessions through tactics such as session hijacking and infostealer malware. These techniques pose significant risks to organizations and users, even those who have deployed MFA solutions to secure their systems. ...

October 7, 2024 · 4 min · Anass

CVE-2024-3596: Blast-RADIUS Vulnerability a Major Threat to RADIUS Authentication Protocol

Overview A critical security flaw, CVE-2024-3596, was recently discovered in the RADIUS (Remote Authentication Dial-In User Service) authentication protocol. This vulnerability, dubbed Blast-RADIUS, poses a serious threat to organizations relying on RADIUS for network authentication and access control. Researchers have demonstrated how attackers could exploit the vulnerability to bypass authentication mechanisms, highlighting the risks in environments using non-EAP (Extensible Authentication Protocol) methods over UDP. Vulnerability Details CVE ID: CVE-2024-3596 Description: The Blast-RADIUS attack allows an adversary to perform a Man-in-the-Middle (MITM) attack on RADIUS authentication....

September 23, 2024 · 3 min · Anass