The vast majority of successful attacks that Lab539 observe relate to credential theft. A large proportion of these now also bypass multi factor authentication controls such as Microsoft Authenticator.

To mitigate these attacks we created some rather clever (and we believe unique) capability to detect and block the infrastructure which will be used for these attacks before it has even been fully deployed, and usually long before the attacks start. This is not a feed of IP addresses that have been observed carrying out nefarious activities, this is a feed of infrastructure that is are about to carry out nefarious activities. We proactively detect Evilginx and other front and back end AiTM infrastructure.

We provide feeds to allow you to protect your environments in a number of different ways:

API - Webhooks - Seamless Microsoft conditional access integration

Subscribe to the most advanced Adversary in The Middle feed available

One Time Purchase

AiTM Feed - [Defender] - one year fixed term
£1,200.00
Add To Cart

AiTM Feed Comparison

Documentation

API Quickstart

Full API documentation is available at https://aitm.lab539.io/ but here is a handy quick reference to hit the API from the command line:

Curl

curl -s -H "Authorization: Bearer <YOUR_API_KEY>" https://aitm.lab539.io/search/hostname/microsoft

Windows Powershell

Invoke-RestMethod -Uri "https://aitm.lab539.io/search/hostname/google" -Method Get -Headers @{Authorization = 'Bearer <YOUR_API_KEY>'}

Incorporate our AiTM feed into your services

If you provide security services you can enhance them by incorporating our AiTM feed transparently into your service, allowing your customers to benefit from real time AiTM tracking.

Get in touch and we’ll custom build a package tailored to your specific needs

Get in Touch

Can’t find the right package for you? Want to sanity check something before you subscribe? Would rather pay by invoice? Interested in incorporating our feed into your services? or something else? The get in touch: