Filet-O-Phish: What Makes Phishing-Resistant MFA Phishing Resistant?
Phishing-resistant MFA. Since May 2021, when the White House issued Executive Order 14208, the term has become a global buzzword. Every cloud identity provider is offering it. Everyone needs to include it in their Zero Trust strategy. Startups have built their business solely around providing it. But what exactly is it? And what makes it phishing-resistant? In this discussion, we’ll explore what phishing-resistant MFA means in the ecosystem of Microsoft and Azure AD. As part of that exploration, we’ll walk through an actual exercise of performing an attacker-in-the-middle (AiTM) scenario in a lab, using Evilginx2, successfully capturing our target’s password and SMS-based MFA, and relaying them to breach the user’s account. We’ll then go through the same exercise with phishing-resistant credentials and see firsthand how they thwart common AiTM scenarios. To wrap it up, we’ll look at how you can enforce phishing-resistant MFA and authentication in Azure AD.