Evolutions in Offensive Toolkits: Phishing
ID: 6b55ff16-ca9c-5c20-a2ad-f9cfd7960de1
STIX ID: report--6b55ff16-ca9c-5c20-a2ad-f9cfd7960de1
Feed Name: Binary Defense Blog
Binary Defense observed a rise in phishing toolkits that use automation (e.g., axios) to capture authentication tokens and rapidly hijack sessions; a recent incident showed token capture, automated MFA registration, and attempted account takeover that was contained thanks to least-privilege controls. The report highlights the axios user-agent as an actionable IOC, outlines detection opportunities (programmatic user agents, MFA changes, suspicious inbox rules, atypical geolocations), and recommends containment and mitigation steps including blocking IPs, rotating credentials, removing fraudulent 2FA methods, enforcing conditional access, and phishing education.
