With the proliferation of multi-factor authentication, penetration testers need to apply existing tooling to manipulate even internal applications. Building attack infrastructure internally during a penetration test is resource-intensive, but modern tools like evilginx can do most of the heavy lifting for us.
This webcast will cover an excerpt from SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking™, using evilginx to bypass internal application authentication.
There are many examples of public MFA bypass attacks, such as manipulating credentials from Office 365. Here, we will discuss and demonstrate such an attack, which results in pivoting internally into an administrative console.
This webcast supports content and knowledge from SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking™.