In the footsteps of Phrack. Searching for LKM rootkits in RAM and examining x64 memory

Date: 12/05/2025

A long time ago, in the early days of my journey to Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper caught my attention, although much remained unclear… Ultimately, I decided to implement the anti-rootkit concept described in it for modern systems.

Evilginx + Gophish. Deploying phishing simulation infrastructure and bypassing 2FA

Date: 21/04/2025

In the course of a pentesting audit, you often have to simulate phishing attacks. This article provides a step-by-step guide to deploying infrastructure for such a simulation. You will learn how to create a mail server from scratch, install and configure the Evilginx reverse proxy, and then integrate it with the Gophish phishing framework. At the end, a practical example of a phishing attack is presented: you will intercept the login, password, and session cookies and consequently bypass two-factor authentication.