auth-io.com
Private security research documentation — node233 + SELUTH
Internal knowledge base for active red team and blue team research. Every page documents something built, tested, and confirmed on owned infrastructure.
Research Tracks
| Track | Status | Latest Finding |
|---|---|---|
| Evilginx AitM | live | ESTSAUTHPERSISTENT opens all M365 regardless of which app was phished |
| FOCI Token Chain | confirmed | MS Office refresh token to Teams to Graph API 200 to org enumeration |
| SSH Key Persistence | documented | authorized_keys injection — silent, persistent, survives password reset |
| Crypto / Web3 | queued | GoPlus Security finding pending review |
Infrastructure
| VPS | Domain | Role |
|---|---|---|
| 62.171.153.214 | sessionapp.org / appsession.org / auth-io.com | Red team — evilginx, memory, bots, docs |
| 80.78.18.72 | office-auth.com | Red team — evilginx o365 lure |
| 80.78.25.100 | TBD | Blue team VPS — incoming |