Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements.
Anyone who has tried to run a Social Engineering campaign will at some point seen the ‘Deceptive site ahead’ warning.
It’s frustrating to have a purchased domain burned like this and, even worse, if it occurs after emails/SMS etc. have been sent out can badly affect the OPSEC of a Red Team engagement or waste a pretext (and alert end users) of a Social Engineering engagement.
