Over four years have passed since the release of Windows 10, and throughout this entire period, user data have been ‘leaking’ to Microsoft servers. The problem has been further exacerbated by Microsoft repeatedly forcing a reset of the users’ privacy settings and reactivating Windows Update disabled by the user. In this article, I will discuss and compare several utilities developed to control Microsoft’s ‘spying’ activities, and test their efficiency on two Window 10 builds.
Today, we are going to examine Evilginx 2, a reverse proxy toolkit. We will also find out how to use it to bypass two-factor authentication and steal Instagram login credentials. Finally, we will build and launch a combat server, tweak it, and go phishing!
Underground forums are full of offers to hack an account or two (or sell you the login credentials of some ten million accounts if you like). In most cases, such attacks involve phishing (sorry, social engineering) and use fake authentication pages. However, this method is ineffective if the user gets pushed a prompt or receives a text message with a six-digit verification code. I am going to demonstrate how to breach the two-factor authentication system by hacking a Google account belonging to one of this magazine’s humble editors.