State Review II
How can we make this better?
We need:
- Intercept MFA requests. We are already tricking the user to visiting our site, so this is easier then it sounds.
- Use invisible HTML tags to bypass email filtering.
- Detect bots and show them benign pages.
- Ensure our domains do not match the target or prominent service provider.
- Obfuscate payloads to bypass EDR protections.