<aside> 🔖
</aside>
Project Title: End-to-End Phishing Campaign with GoPhish and Evilginx | A Study on Detection‑Evasion Tactics and MFA Bypass in Modern Phishing
Platform: Cloud-Based VPS Infrastructure (DigitalOcean + Cloudflare + Mailgun)
Project Scope: Designing and deploying a professional-grade red-team phishing campaign infrastructure capable of bypassing MFA protections. This included domain acquisition, mail service integration, stealth configuration, and the use of Evilginx for adversary-in-the-middle (AiTM) credential and session hijacking.
Author: Athanasios Oikonomopoulos / B4ckD00rR4t
This project replicates a real-world adversary workflow for phishing and MFA evasion. Using a hardened DigitalOcean VPS, a newly registered domain managed through Cloudflare, and Mailgun for SMTP delivery, I engineered an environment that convincingly delivered phishing emails, harvested credentials, and hijacked MFA-protected sessions.
The main goal was to demonstrate how attackers build, execute, and responsibly dismantle phishing infrastructure, while showcasing OPSEC considerations such as domain reputation, blacklist evasion, and certificate transparency risks.
Throughout the project, I:
cloud-security-center.com), performing blacklist checks via VirusTotal to ensure a clean reputation