Click Here Evilginx’s good intentions
20 snips
Oct 17, 2025 Kuba Gretzky, a Polish developer, dives into the world of cybersecurity, revealing how he created Evilginx to bypass multi-factor authentication. Initially designed for good, the tool's misuse by hackers raises ethical questions. He discusses his transition from game bot creator to a sought-after security researcher, emphasizing the importance of openness in defending against cyber threats. Discover how tools intended to enhance security can sometimes backfire, turning a well-meaning project into a double-edged sword.
AI Snips
Chapters
Books
Transcript
Episode notes
From Game Bot To Security Developer
- Kuba built a bot to automate gameplay so his character could keep leveling while he slept.
- That curiosity led him from gaming reverse engineering into offensive security tool development.
MFA Can Be Bypassed By Proxy Phishing
- Evilginx is a reverse-proxy phishing tool that can capture MFA tokens by relaying real sessions.
- This reveals many MFA methods (SMS, push, authenticator apps) are vulnerable to session-stealing proxies.
Public Release Led To Misuse
- Kuba uploaded Evilginx's public version to GitHub in 2017 to let security teams test defenses.
- Shortly after, malicious actors began using the tool for real attacks.
