<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Microsoft MFA Bypass on Ethical Hacking | Pentest e Sicurezza Informatica | Hackita</title><link>https://hackita.it/tags/microsoft-mfa-bypass/</link><description>Recent content in Microsoft MFA Bypass on Ethical Hacking | Pentest e Sicurezza Informatica | Hackita</description><generator>Hugo</generator><language>it</language><lastBuildDate>Fri, 19 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://hackita.it/tags/microsoft-mfa-bypass/index.xml" rel="self" type="application/rss+xml"/><item><title>Evilginx 3: AiTM Phishing and MFA Bypass for Red Teams</title><link>https://hackita.it/articoli/evilginx3-aitm-mfa-bypass/</link><pubDate>Fri, 19 Jun 2026 00:00:00 +0000</pubDate><guid>https://hackita.it/articoli/evilginx3-aitm-mfa-bypass/</guid><description>&lt;h1
 id="evilginx-3-complete-guide-to-aitm-phishing-mfa-bypass-and-session-cookie-theft" class="group/anchor-heading"&gt;
 Evilginx 3: Complete Guide to AiTM Phishing, MFA Bypass, and Session Cookie Theft
 &lt;a href="#evilginx-3-complete-guide-to-aitm-phishing-mfa-bypass-and-session-cookie-theft" class="text-inherit opacity-0 group-hover/anchor-heading:opacity-100 decoration-transparent"&gt;#&lt;/a&gt;
&lt;/h1&gt;&lt;p&gt;Multi-factor authentication doesn&amp;rsquo;t stop Adversary-in-the-Middle phishing. The technique doesn&amp;rsquo;t bypass MFA — it lets the victim complete it normally, then steals the session cookie Microsoft issues afterward. The attacker never touches the MFA step. They take what comes out of it.&lt;/p&gt;
&lt;p&gt;Evilginx 3 is the open-source red team framework for demonstrating this attack class in authorized engagements. Written in Go by security researcher Kuba Gretzky, it runs a self-contained reverse proxy with its own HTTP and DNS server — no nginx dependency, no external daemons. This article covers the full red team workflow: infrastructure, installation, phishlet structure, session capture, and the detection indicators every blue team should know.&lt;/p&gt;</description></item></channel></rss>