Disclosure Date:  01/08/24

ECI Software Solutions E2 MFG Version 2022.6.0102.1104 and possibly before are affected by a Cleartext Transmission of Sensitive Information.  This could lead to a full compromised of the E2 MFG application, a full compromise of the Microsoft SQL Server, as well as other malicious actions. 

Hack the Box "Zephyr is an intermediate-level red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills and improving your active directory enumeration and exploitation skills. Zephyr includes a wide range of essential Active Directory flaws and misconfigurations to allow players to get a foothold in corporate environments."

When running phishing campaigns, I use a number of tools.  For the mass, quarterly, security awareness training, I use the platform in Proofpoint.  For a more dynamic situation, I might use GoPhish.  For something quick and dirty for snagging credentials, I might use Evilginx2.  

From their Github:  "Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection."