Jack Button

306 posts

@jackbutton_

Pentester | Infosec | Music | Travel

Leeds · Joined February 2012
518 Following, 251 Followers
Pinned Tweet
Jack Button@jackbutton_·
Been a little while since I last did a writeup - I'm going to take this as the encouragement to do more 🙌
Kuba Gretzky@mrgretzky

Our fellow BREAKDEV RED member @jackbutton_ has published the long awaited guide on how to protect your Evilginx instances ‼️ Find out how to deploy an additional Cloudflare layer in front, for extra protection! 🔥🎣 A must read for all phishermen! 🪝🐟 jackphilipbutton.com/post/how-to-pr…

myexploit2600@myexploit2600·
I will be presenting a talk @Steel_Con tomorrow between 12:00 to 1:00pm (just before lunch) in track 2 where I started 8 years ago. The talk's about the years of SteelCon, and the exploits of then and now. Can’t wait to be back in Sheffield, if you see me, come say hi.
Jack Button@jackbutton_·
@HackingDave Followed you on here for a good while - have always loved the cyber content but also a big fan of all the awareness you've raised around health too 🙌 You shared a blog post of mine a while back and it made my day! Would love a follow when you get the time. Cheers!
Dave Kennedy@HackingDave·
Sitting on the beach and reflecting how family and friends are the most important thing in life. On that note, who am I not following on here that wants me to follow? Always love meeting and learning from new folks. Will follow if you drop in the replies.
Jack Button@jackbutton_·
@mrgretzky Congrats Kuba! Massive achievement, wishing you all the success!
Kuba Gretzky@mrgretzky·
🚨 Evilginx Pro is finally here! 🚨🪝🐟 This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live! Thank you all for your invaluable support 💗 breakdev.org/evilginx-pro-r…
Jack Button@jackbutton_·
@mrgretzky It's hard to keep up with all the great posts and ideas in there. Awesome space you've made Kuba!
Kuba Gretzky@mrgretzky·
🎂 BREAKDEV RED launched a year ago on 9th Nov 2023. It's a closed community for red teamers where every member is approved by hand. Takeaways: 👫 1203 red teamers approved & joined 🤗 Made lots of new friends 📚 Learned from the best Thank you for making it extraordinary! 💗
Jack Button@jackbutton_·
This time next week I'll be arriving at DEF CON 32, with the rest of the @OmniCyber_Sec Red Team. Incredibly excited about the talks and workshops on this year, ready to be inspired. Drop us a message if you're out there too, would be great to link up! #defcon #defcon32 #redteam
Ryan Dewhurst@ethicalhack3r·
Anyone know of a service where I can check if an email domain has been part of a breach? Without having to scour the web looking for password dumps to search. And without having to verify the domain, like @haveibeenpwned requires. Just need the users of a domain who have been
Jack Button@jackbutton_·
@EricaZelic Glad you've found it useful! I should have probably split the advice in the post to read as: domain older than 30 days to stop firewalls/email protection blocking and not 'brand new' e.g. less than 3 day old certs so you don't have your inf hammered by web scanners. Good Luck 🎣
IAM!ERICA@EricaZelic·
This was based on advice in this blog post: jackphilipbutton.com/post/how-to-pr… Detecting based on Let's Encrypt alone (or others mentioned by dragosr) would be very low fidelity. Detecting based on a newly registered domain that is not categorized with a Let's Encrypt certificate (or others) should be occurring. If it is not, make it so and test it.
dragosr@dragosr

@EricaZelic Since the default certbot behaviour is to renew Let's Encrypt certs 30 days before the recommended 60 day lifetime, usually every Let's Encrypt cert will be less than 30 days old. So what makes Let's Encrypt more malicious than ZeroSSL, Universal SSL and the others?

Jack Button@jackbutton_·
@Steel_Con The magnets last year were an ace blast from the past, but also excellent fridge magnets for bulkier items 😁
SteelCon@Steel_Con·
Every year we wonder how we will find enough stuff to fill the goody bags and every year we end up having to decide which things not to buy
Jack Button@jackbutton_·
Super fun few days learning and drilling surveillance and counter-surveillance for @OmniCyber_Sec Red Team engagements
Sebas@0xroot·
🛡️ Protecting Evilginx with Cloudflare and HTML Obfuscation Learn to protect your Evilginx server from the 'Deceptive site ahead' message Increase the success rate of your social engineering 🎣 and red team ⚔ engagements 👤 @jackbutton_ jackphilipbutton.com/post/how-to-pr…
Jack Button@jackbutton_·
@janbakker_ Cheers for sharing! Very happy to be included with those other resources - excellent collection!
Jack Button@jackbutton_·
@mrgretzky Thanks for sharing it Kuba and your encouragement in getting it written and out there
Kuba Gretzky@mrgretzky·
Our fellow BREAKDEV RED member @jackbutton_ has published the long awaited guide on how to protect your Evilginx instances ‼️ Find out how to deploy an additional Cloudflare layer in front, for extra protection! 🔥🎣 A must read for all phishermen! 🪝🐟 jackphilipbutton.com/post/how-to-pr…
Jack Button@jackbutton_·
@HackingLZ Thanks so much for sharing, I'm stoked that you've read it!
Jack Button@jackbutton_·
My writeup on how to protect your Evilginx server from the dreaded 'Deceptive site ahead' warning when conducting Red Team and Social Engineering engagements 🎣 jackphilipbutton.com/post/how-to-pr…