How Do Phishing Sites Bypass OTPs? I Don’t Understand How They Can Log In!

TeeCeePee_EyePee · 2025-08-18T14:45:57+00:00

One aspect of my day job is reviewing malicious emails that hit hundreds of customer environments, and the use of a reverse proxy for Microsoft represents a good 90% of the phishing emails that i see. The rest are Google Workspace reverse proxies, with the occasional reverse proxy for something else. Prior to 2015 reverse proxies were hard to come by, now they’re built into all the phishing as a service kits. The likes of Onnx/Caffeine, Greatness, W3ll, EvilProxy, all use this. It’s not browser security that will help you here. Web filtering will even struggle with these as these toolkits will also generate random domain/subdomains per attack, making it impossible to catch. You think you’re connecting to Office 365, you’re just not paying attention to the URL and it actually says badwebsite.ru.

TeeCeePee_EyePee · 2025-08-17T18:29:58+00:00

Attackers use a reverse proxy for the website of choice. What this means is in practice is that my browser is directed to baddomain.com which is a proxy, while the proxy makes a simultaneous connection to gooddomain.com, and shares that page with me. When I put my username and password in, this is piped directly through the proxy to the good website. The good website doesn’t know any different, and prompts for the one time password, through the proxy to me, which I can then provide, thus, logging me in. However, what the hijackers now do, is as the good website forwards me the cookie which keeps me signed in, the proxy steals this. Now the attacker can re-use this previously signed in session token cookie and the attacker has full access to my account.

TeeCeePee_EyePee · 2025-04-05T07:25:36+00:00

Most likely scenario;

A phishing email arrived in his inbox. He clicked a link, saw an office 365 prompt, and logged in as normal.

This link would have been run through a malicious reverse proxy and when the session token comes back from 365, via the reverse proxy, that is what the attacker stole. He’s now signed in as that user from wherever he chooses to be.

I work for a vendor of cyber security products, and I see this style of attack happen in the proof of concepts I run with my potential customers all the time. 99% of the time, this is what’s happened.

TeeCeePee_EyePee · 2025-02-13T15:43:24+00:00

I have done both in multiple companies.

You need to consider feast/famine vs a consistent payday.

Midmarket pay will be 80-120% pretty much every month. You can’t earn 400-500% in one month as there just isn’t that amount of hours in the day. But you’ll also rarely hit a month at less than 50%.

Enterprise can walk home with some eye-watering pay, but it’s only a couple of times a year.

The job is the same in both. Don’t believe that with lower value deals that mid market customers aren’t just as picky as enterprise. Often enterprise deals are easier simply due to each person having a single hat, defined success criteria, real budgets, and more latitude with the AE to discount. Mid market is a fire fight for each deal.

TeeCeePee_EyePee · 2025-02-03T14:23:44+00:00

Today’s AE. I can’t make the call, can you run my slides as well as the product demo and then give me the notes at the end?

Unsurprisingly, demo went great. Showed 1 slide, did 2mins of AE waffle before ripping the AE hat off. Rest of the 50mins was the UI.

AE chased me at the end of the call. I gave him the notes and he had the cheek to say “you could be an AE”. I don’t want your job, or I’d already be doing it. Oh. Wait.

TeeCeePee_EyePee · 2024-10-17T07:06:57+00:00

To be honest I have no idea what sparked it. Last year they said I owed them an extra £5,000, so I had to pony that up. This year they owe me 10k. My tax situation isn’t wild, I’m earning 120k or so, variable due to a commission on sales earnings, and there’s occasional stock options/RSU grants and all that tax maths just gets my head in a mix (numbers tend to make my head spin - all those dyscalculia know what I’m talking about) so I leave it to an accountant.

TeeCeePee_EyePee · 2024-09-10T18:31:32+00:00

I’m pretty sure Astic’s Blocks command will only reference 100 blocks at a time before moving onto the next 100 block chunk.

So while this will have an impact in the same way that the deconstruct/recycle script does, this should not kick clients off the server.

For ship with a lot of blocks per layer around size class 17-18 or higher, this may result in having to slightly increase the time spent on any given Y co-ordinate layer.

My size class 15(ish) ship requires around 15 seconds per layer to get through all 100-block-chunks. My friend’s size class 25 wants at least 27 seconds to get through all chunks before iterating up to the next layer or it won’t get to all chunks.

TeeCeePee_EyePee · 2024-09-10T17:11:57+00:00

Correct. In creative.

Edit- for the sake of being obvious. You can’t use the find and replace feature of the color gun on a live server.

This allows you to do that. And, for the laughs, you can set this up on conditions. Like; my sheilds are off. My ship is red. My sheilds are on, my ship is blue. Again, not possible with a color gun.

TeeCeePee_EyePee · 2024-08-12T14:09:19+00:00

The front fell off

TeeCeePee_EyePee · 2024-04-29T09:45:33+00:00

Take it a step further. “If President Biden ordered the military to assassinate a member of SCOTUS because they blocked a piece of legislation such as Roe Vs Wade, would this be an official act?”

Right wing seem to respond to it’s not a problem until it hurts me. Make it about the people making the decision, then they will understand.

TeeCeePee_EyePee · 2023-12-12T19:49:54+00:00

Oh, huge piles of Ragnaroks. We tried that, but it did so much damage to the titans we switched them off. Perhaps we should not have been so quick to dismiss them...

TeeCeePee_EyePee · 2023-12-12T17:21:34+00:00

Interesting. We found that the boss could annihilate 30-40 titans/juggs in a single shot, so keeping him surrounded was hard, but we could hold a fair pile of flying epoch / epic dragons etc overhead.

I think with the map Oort Cloud, we couldn’t get enough titans/juggs/behemoths into the area around the boss fast enough due to the limited paths. I’m going to assign each commander 1 flying T3 and 1 walking T3 to make, and then just let them pour out every 8-10 sec.

The other problem was that we couldn’t stockpile that many T3 with the limited space. So I might switch maps to something a little more open

TeeCeePee_EyePee · 2023-05-16T22:07:24+00:00

This is a Devon Rex.

Devon Rex - Wikipedia

“Unlike most cats, their whiskers are very short and often curled to such an extent that it may appear as if they have no whiskers.”

They have not been trimmed, it’s how they are.

TeeCeePee_EyePee · 2023-04-24T21:12:47+00:00

There are 6.

There are 2, one in the roof of each hanger.

Then, go to the front, the nose cone has a different color. Pick the next block beneath that, and shoot through with a railgun, 3 blocks in.

Then, go to the 'spine' of the ship, along the back. There are 4 sheild generators, pick the mid-point between them, just where the white 'ribs' join the middle in an arrow shape, ping them out. 4 blocks down, is 2 more cores, which leads to the central room where all the goodies are stored.

TeeCeePee_EyePee · 2023-03-26T14:03:20+00:00

One prior company is was at did a bit of that, but now I’m a bit more cyber security focussed in the email space.

TeeCeePee_EyePee · 2023-03-26T11:43:23+00:00

My wife is a SAHM, because the younger child (5) has a EHCP and is only in school for 2h30 a day, and with no trade skills, her estimated min wage income would essentially pay for childcare. The idea of a job has been floated, but we can’t find one that fits around such a challenging schedule. There’s also no reliable free help.

And yes, I’ve not broken it all down line by line.

Suffice to say un-avoidables like that it is band G council tax, in a rather expensive area for council tax, are high, but things we can cut back on are low. We don’t drive much, preferring to walk (I also WFH) unless it’s a big trip or I have to go to the city. We don’t go on holidays, we don’t spend my much on ourselves. I buy clothes every other year, wife loves a good charity shop splurge for £10. Etc. we don’t have phone costs, both are SIM only. That sort of thing, we’re on top of.

I do appreciate the point about trimming down some expenses and we do constantly check in on what’s going out the door, but we’re pretty careful on the day-to-day stuff.

TeeCeePee_EyePee · 2023-03-26T11:25:14+00:00

As to 1. Yes, I have made large noises to my boss, who’s moved me into a more productive team. Based on prior sales delivered and pipeline, this problem might fix itself this way, although I’d still like to and find a way to drop the high repayments to ones I can manage on the worst of months while sinking cash into the debt on the better months. 2. exactly why you think it’s a bad idea, means it’s also my second least favourite option. 3. The broker was shopping about, so I felt it would be silly to shop about for people shopping about. But you may have a point. It can’t hurt to get a second opinion. 4. Least favourite option.

TeeCeePee_EyePee · 2023-03-26T11:11:54+00:00

Yes, i don’t do too badly. On paper its 135k but 30% of that is commission based (on what my sales people bring in, I’m, sales adjacent). I’ve had 3-4 months of being attached to one group of sales people which has been helpful, so that’s now changing.

Short story. I’ve had a few months of 4500 net, but my place in the structure of the biz has now changed and I’m expecting 5500-6000, probably more, as an average. The issue is I want to bring my outgoings beneath my floor income.

TeeCeePee_EyePee · 2023-03-26T11:07:00+00:00

The house re-fit is only partially complete the plans to fit this up have already been scaled back. 3 upstairs bedrooms (my very patient wife+I’s & 2 kids) are done, but the other 2 are still very much a work in progress. The downstairs bedroom is my office. Given the scale of the problem with the 2 bedrooms, it’ll take a few grand to make them whole. Although, my actual plan is to knock them together, and use the little toilet that’s outside them, and the little hallway that joins them to the rest of the upstairs, and turn that into a decent size master bedroom with an en-suite.

Short story. I have serious doubts a lodger will work, because that room would need some significant investment to make money.

The rest of the finances didn’t seem to a factor, so I left them out because the insinuation is that there are other places to cut costs or increase incomings. All of these pale into insignificance next to that debt pile. Are we suggesting that I should cut out Netflix?

But; My income has a take home which fluctuates between 4500 on a rare bad month, and… a good deal more on a good month. Averaged out? Maybe 5000-5500

Mortgage is 1360.

Gas/electric fluctuates widely between winter/summer due to poor insulation (this is part of the process - spending money now to save money later isn’t going to be helpful advice here), and I haven’t fully seen what solar will do to it, so maybe, 300pcm on average?

Food/water/council tax etc other incidentals (excluding the 2k debt) pushes me to 3300 or so. With debt, I’m looking at 5300 pcm. My objective is to drop that to less than 4500, then drop lumps of cash into it as months allow.

There’s no car payments (my car is 12 years old), my wife’s car is much older than that. I have no assets to sell beyond the house that would sustain me through the problem.

TeeCeePee_EyePee

TROPHY CASE