No signup. No paywall. No catch. One of our 10 most-requested practitioner modules, published in full so anyone can learn for free. We earn through consulting, not by gating knowledge.
Why this module. Phishing-resistant auth is the only auth that holds up against modern proxy-phishing attacks (EvilGinx and similar). WebAuthn / Passkeys are the standard. Apple, Google and Microsoft all support them by default; Indian banks are following.
Why TOTP isn’t enough anymore
EvilGinx-style proxy phishing intercepts the TOTP at login time. The user enters the TOTP on the phishing page → the attacker forwards it to the real site → the real site issues a session → the attacker captures the session. TOTP doesn't help, because a valid code is relayed in real time.
WebAuthn / Passkeys: a cryptographic challenge-response tied to the legitimate origin. The phishing site can't replay it, because the signed response is bound to the origin the browser was actually on, not to anything the user types.
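The relying-party checks behind that origin binding, as an added example (not code from this module). The origin `https://bank.example`, the RP ID `bank.example`, the look-alike `bank-login.example` and the `simulate_browser` helper are constructed assumptions; signature verification is left out to keep the focus on the origin and challenge checks.

```python
import base64, hashlib, hmac, json

EXPECTED_ORIGIN = "https://bank.example"  # assumption: the relying party's origin
RP_ID = "bank.example"                    # assumption: the relying party ID

def b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def simulate_browser(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what the browser and authenticator emit."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge).decode(),
                              "origin": origin}).encode()
    # rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return client_data, auth_data

def check_assertion(client_data: bytes, auth_data: bytes, issued_challenge: bytes) -> str:
    """Relying-party checks; returns "ok" or the rejection reason.
    A real server also verifies the signature over auth_data || SHA-256(client_data)
    with the stored public key, which stops a proxy from rewriting these fields."""
    fields = json.loads(client_data)
    if fields.get("type") != "webauthn.get":
        return "wrong type"
    if not hmac.compare_digest(str(fields.get("challenge", "")).encode(), b64url(issued_challenge)):
        return "challenge mismatch"
    if fields.get("origin") != EXPECTED_ORIGIN:  # written by the browser, not the page
        return "origin mismatch"
    if len(auth_data) < 37:
        return "authenticator data too short"
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user not present"
    return "ok"

CHALLENGE = bytes(range(32))  # constructed; a server issues a fresh random one per login

def demo() -> dict:
    legit = simulate_browser("https://bank.example", "bank.example", CHALLENGE)
    phish = simulate_browser("https://bank-login.example", "bank-login.example", CHALLENGE)
    stale = simulate_browser("https://bank.example", "bank.example", b"\x00" * 32)
    return {"legit": check_assertion(*legit, CHALLENGE),
            "phish": check_assertion(*phish, CHALLENGE),
            "stale": check_assertion(*stale, CHALLENGE)}

if __name__ == "__main__":
    print(demo())
```

Unlike a TOTP code, the value relayed from the look-alike origin carries that origin inside the signed data, so the real site rejects it.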