~/research_&_contributions

A collection of public talks, deep-dive articles, tools, and community contributions focusing on offensive security, red teaming, and advanced phishing capabilities.

Talks & Publications

Cloud Edge Phishing

OOTB Bangkok 2025 Talk

Breaking the future of auth: exploring advanced phishing techniques and infrastructure setups targeting modern authentication mechanisms on the edge.

#Talk#Phishing#Edge computing

Authentication Downgrade Attacks

IOActive Research

A comprehensive technical deep dive into MFA bypass techniques through modern authentication downgrade attack paths.

#Article#MFA Bypass#Authentication

Arsenal & Tools

GitLab Device Code Phishing

Maldev Academy Collaboration

A proof-of-concept tool utilizing the Device Authorization Flow in GitLab to achieve seamless phishing attacks, integrated as part of Maldev Academy.

#Tooling#Go#GitLab

GitHub Device Code Phishing

Maldev Academy Collaboration

Companion tool to the GitLab version, exploiting GitHub's Device Authorization Flow for token exfiltration via phishing.

#Tooling#Go#GitHub

Security Researcher @ Maldev Academy

Phishing Contributions

Maldev Academy Hall of Thanks

Official recognition as a contributor on the Maldev Academy training platform.

#Recognition#Community

> A curated selection of highlights from the 20+ advanced modules and contributions developed for the platform:

Evilginx URL Rewriting

Modifying Evilginx to intuitively mask the URL, avoiding standard URL signature detection.

#Evilginx#Evasion

MFA Bypass Via Azure AITM

Implementing an AITM phishing proxy with downgrade capabilities using Azure Functions & Azure Front Door.

#Azure#AITM#Proxy

Client Analysis Via CF Workers

Anti-bot, anti-analysis, and robust client tracking capabilities all implemented within a Cloudflare Worker.

#Cloudflare#Anti-bot

Evilginx Phishlet Development

Comprehensive learning module. Includes a working M365 phishlet with advanced downgrade capabilities.

#Phishlet#M365