2FA - Smartphone
Limitazioni
How Hackers Bypass Gmail 2FA at Scale
A new Amnesty International report goes into some of the technical details around how hackers can automatically phish two-factor authentication tokens sent to phones.
https://www.vice.com/en_us/article/bje3kw/how-hackers-bypass-gmail-two-factor-authentication-2fa-yahoo
The Return of The Charming Kitten
A review of the latest wave of organized phishing attacks by Iranian state-backed hackers
https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
Real-time phishing tool:
Modlishka is a powerful and flexible HTTP reverse proxy....can be currently used to: Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA “bypass” support.https://github.com/drk1wi/Modlishka
SMS OTP interception
Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol https://arstechnica.com/information-technology/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-r…
A new Amnesty International report goes into some of the technical details around how hackers can automatically phish two-factor authentication tokens sent to phones.
https://www.vice.com/en_us/article/bje3kw/how-hackers-bypass-gmail-two-factor-authentication-2fa-yahoo
The Return of The Charming Kitten
A review of the latest wave of organized phishing attacks by Iranian state-backed hackers
https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
Real-time phishing tool:
Modlishka is a powerful and flexible HTTP reverse proxy....can be currently used to: Support ethical phishing penetration tests with a transparent and automated reverse proxy component that has a universal 2FA “bypass” support.https://github.com/drk1wi/Modlishka
SMS OTP interception
Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol https://arstechnica.com/information-technology/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-r…