Oleksandr Vengeruk Blob URLs - The Phishing Disguise Hiding in Your Browser In recent months we started noticing a growing number of phishing websites abusing a legitimate technology: Blob URLs. While these are not new,... AiTM Phishing
John Fitzpatrick Tycoon2FA is Down - What Happens Next? On March 4th 2026, a Europol-led coalition took down Tycoon2FA, one of the largest adversary-in-the-middle (AiTM) phishing-as-a-service platforms in operation. At its p... AiTM Tycoon2FA
John Fitzpatrick Starkiller - A Reminder That a Residential Proxy Strategy is Needed Starkiller markets itself as an "Advanced Phishing Framework" with bold claims: 99.7% success rate, 0% detection rate. Having comprehensively mapped their infrastructure we... AiTM proxies starkiller
John Fitzpatrick AiTM Detection In recent years AiTM attacks have surged. They are currently the primary way we see organisations compromised and they are often extremely difficult... AiTM
Oleksandr Vengeruk Azure Front Door AiTM Phishing We see new phishing toolkits and infrastructures all the time. Most of them are following the same patterns and are easy to spot. But, just a couple of weeks ago, during... AiTM Azure Microsoft Phishing
John Fitzpatrick Where Conditional Access Risk Policies Fail... Microsoft provides a number of conditional access policy templates for organisations to deploy. They are mostly good, but one in particular has caused us some concern. That is this template which, in ... AiTM Conditional Access Policies Microsoft
John Fitzpatrick AiTM Non-Incident Report Recently one of our customers let us know that our AiTM feed had blocked what would otherwise have been a successful AiTM attack. The attack tricked a user into authenticating with active Adversary i... AiTM Conditional Access Policies Cloudflare Incident workers.dev