State Review II

How can we make this better?

We need:

  • Intercept MFA requests. We are already tricking the user to visiting our site, so this is easier than it sounds.
  • Use invisible HTML tags to bypass email filtering.
  • Detect bots and show them benign pages.
  • Ensure our domains do not match the target or prominent service provider.
  • Obfuscate payloads to bypass EDR protections.
Last modified August 31, 2024: better spelling. new post (15bc7a8)