SlideShare a Scribd company logo

Trust, but verify – Bypassing MFA

Download as PPTX, PDF
DefCamp, profile picture
DefCamp

This document discusses multi-factor authentication (MFA) and methods for bypassing it. It defines MFA as requiring more than one validation procedure to authenticate individuals. It describes the different factors of authentication as something you know, something you have, and something you are. It outlines various deployment modules for each factor type, including passwords, tokens, biometrics. It also covers challenges of MFA implementation and methods attackers could use to bypass MFA security, such as email filtering or legacy protocol exploitation.

Technology
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:1 DefCamp9 - 2018 -
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:2 “Trust, but verify” – bypassing MFA Mircea NENCIU Stefan MITROI
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: What is MFA Multi-factor authentication (MFA) represents a security system in which individuals are required to authenticate through more than one security and validation procedure.
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: History of MFA With the ever increasing use of computer systems, people realized that the information stored was sometimes very confidential in nature. As such, better security was required something that didn’t just reply on the memory of the user, something that was harder to give away by mistake or could be extracted as a result of database breaches.
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Authentication factors  MFA is a method of granting access after confirming the identity of the user by validating two or more claims presented, each from a different category
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Authentication factors  Something you know  Something you have  Something you are
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Deployment modules  Something you know  Password  Passphrase  Pin  Secret questions
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Deployment modules  Something you have  Phone(call/SMS)  Soft token  Hard token
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Something you are  Something you are  Fingerprint  Voice recognition  Facial recognition
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Challenges  Cost  Confidentiality  Availability  Compatibility  User convenience
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Meet Dave
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Securing Dave
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Security Incidents
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: POC
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: POC
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Bypassing SPAM filters  Most popular enterprise email solution Outlook/Office365  Moving from an “on-prem” exchange to a hybrid or full cloud model  test@[domain].com vs test@[domain.]onmicrosft.com
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Bypassing SPAM filters
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Check compatibility  Understand the network  Legacy protocols  Modern Authentication  Continual service improvement
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Q&A
Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: THANK YOU!

More Related Content

What's hot (20)

PDF
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
Shah Sheikh
 
PPTX
Make Every Spin Count: Putting the Security Odds in Your Favor
David Perkins
 
PDF
How we breach small and medium enterprises (SMEs)
NCC Group
 
PPTX
PACE-IT: Network Access Control
Pace IT at Edmonds Community College
 
PDF
My Final Year Project
MOHAMMEDELALAM1
 
PPTX
Thinking Differently About Security Protection and Prevention
David Perkins
 
PPTX
Cerdant Security State of the Union
David Perkins
 
PDF
Network security
Sri Manakula Vinayagar Engineering College
 
PPT
Network Security Tools and applications
webhostingguy
 
PPTX
Vpn
Lan & Wan Solutions
 
PDF
Advanced Threat Protection – ultimátní bezpečnostní řešení
MarketingArrowECS_CZ
 
PPTX
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Digital Bond
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
PDF
VIPER Labs - VOIP Security - SANS Summit
Shah Sheikh
 
PPTX
All about Firewalls ,IPS IDS and the era of UTM in a nutshell
Hishan Shouketh
 
PPTX
Practical SME Security on a Shoestring
NCC Group
 
PPTX
Forti web
Lan & Wan Solutions
 
PPTX
Advanced Threat Protection
Lan & Wan Solutions
 
PPTX
2013 Security Threat Report Presentation
Sophos
 
PPTX
Check Point designing a security
Group of company MUK
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
Shah Sheikh
 
Make Every Spin Count: Putting the Security Odds in Your Favor
David Perkins
 
How we breach small and medium enterprises (SMEs)
NCC Group
 
PACE-IT: Network Access Control
Pace IT at Edmonds Community College
 
My Final Year Project
MOHAMMEDELALAM1
 
Thinking Differently About Security Protection and Prevention
David Perkins
 
Cerdant Security State of the Union
David Perkins
 
Network security
Sri Manakula Vinayagar Engineering College
 
Network Security Tools and applications
webhostingguy
 
Vpn
Lan & Wan Solutions
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
MarketingArrowECS_CZ
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Digital Bond
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
VIPER Labs - VOIP Security - SANS Summit
Shah Sheikh
 
All about Firewalls ,IPS IDS and the era of UTM in a nutshell
Hishan Shouketh
 
Practical SME Security on a Shoestring
NCC Group
 
Forti web
Lan & Wan Solutions
 
Advanced Threat Protection
Lan & Wan Solutions
 
2013 Security Threat Report Presentation
Sophos
 
Check Point designing a security
Group of company MUK
 

Similar to Trust, but verify – Bypassing MFA (20)

PPT
MFA, 42 & Compliance - Answers to the Wrong Questions
Dan Houser
 
PPTX
Crypto passport authentication
Harry Potter
 
PPTX
Crypto passport authentication
David Hoen
 
PPTX
Crypto passport authentication
Tony Nguyen
 
PPTX
Crypto passport authentication
Young Alista
 
PPTX
Crypto passport authentication
Fraboni Ec
 
PPTX
Crypto passport authentication
James Wong
 
PPTX
Crypto passport authentication
Luis Goldster
 
PPTX
CI-ISSA '23 - Bad Multi-Factor
Curtis Brazzell
 
PDF
CyberArk Cleveland Defend Non-Human ID Exploitations
Chad Bowerman
 
PPTX
Authentication
primeteacher32
 
PPTX
Fine grained two-factor access control for cloud
allan sam
 
PPTX
Multi-Factor Authentication - "Moving Towards the Enterprise"
mycroftinc
 
PPTX
Daily Cybersecurity Tips and Tricks with solutions
Bert Blevins
 
PDF
Implementing Phishing Resistant Solution
Abhishek Agarwal
 
PPTX
Cloud Identity Management
Damian T. Gordon
 
PPTX
Life & Work Online Protecting Your Identity
InnoTech
 
PPTX
New Opportunities with Two Factor Authentication (2FA) - A How To
Alan Percy
 
PDF
New Opportunities with Two Factor Authentication (2FA) - A How To
TelcoBridges Inc.
 
PPT
Ch08 Authentication
Information Technology
 
MFA, 42 & Compliance - Answers to the Wrong Questions
Dan Houser
 
Crypto passport authentication
Harry Potter
 
Crypto passport authentication
David Hoen
 
Crypto passport authentication
Tony Nguyen
 
Crypto passport authentication
Young Alista
 
Crypto passport authentication
Fraboni Ec
 
Crypto passport authentication
James Wong
 
Crypto passport authentication
Luis Goldster
 
CI-ISSA '23 - Bad Multi-Factor
Curtis Brazzell
 
CyberArk Cleveland Defend Non-Human ID Exploitations
Chad Bowerman
 
Authentication
primeteacher32
 
Fine grained two-factor access control for cloud
allan sam
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
mycroftinc
 
Daily Cybersecurity Tips and Tricks with solutions
Bert Blevins
 
Implementing Phishing Resistant Solution
Abhishek Agarwal
 
Cloud Identity Management
Damian T. Gordon
 
Life & Work Online Protecting Your Identity
InnoTech
 
New Opportunities with Two Factor Authentication (2FA) - A How To
Alan Percy
 
New Opportunities with Two Factor Authentication (2FA) - A How To
TelcoBridges Inc.
 
Ch08 Authentication
Information Technology
 
Ad

More from DefCamp (20)

PDF
Remote Yacht Hacking
DefCamp
 
PDF
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp
 
PPTX
The Charter of Trust
DefCamp
 
PPTX
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp
 
PPTX
Bridging the gap between CyberSecurity R&D and UX
DefCamp
 
PPTX
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
PPTX
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp
 
PPTX
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp
 
PPTX
Threat Hunting: From Platitudes to Practical Application
DefCamp
 
PPTX
Building application security with 0 money down
DefCamp
 
PPTX
Implementation of information security techniques on modern android based Kio...
DefCamp
 
PPTX
Lattice based Merkle for post-quantum epoch
DefCamp
 
PPTX
The challenge of building a secure and safe digital environment in healthcare
DefCamp
 
PPTX
Timing attacks against web applications: Are they still practical?
DefCamp
 
PPTX
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp
 
PPTX
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
PPTX
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp
 
PPTX
Connect & Inspire Cyber Security
DefCamp
 
PPTX
The lions and the watering hole
DefCamp
 
PPT
WiFi practical hacking "Show me the passwords!"
DefCamp
 
Remote Yacht Hacking
DefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp
 
The Charter of Trust
DefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
DefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp
 
Threat Hunting: From Platitudes to Practical Application
DefCamp
 
Building application security with 0 money down
DefCamp
 
Implementation of information security techniques on modern android based Kio...
DefCamp
 
Lattice based Merkle for post-quantum epoch
DefCamp
 
The challenge of building a secure and safe digital environment in healthcare
DefCamp
 
Timing attacks against web applications: Are they still practical?
DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp
 
Connect & Inspire Cyber Security
DefCamp
 
The lions and the watering hole
DefCamp
 
WiFi practical hacking "Show me the passwords!"
DefCamp
 
Ad

Recently uploaded (20)

PPTX
Agile Chennai 18-19 July 2025 | Workshop - Enhancing Agile Collaboration with...
AgileNetwork
 
PDF
NewMind AI Weekly Chronicles – July’25, Week III
NewMind AI
 
PPTX
The Future of AI & Machine Learning.pptx
pritsen4700
 
PPTX
AVL ( audio, visuals or led ), technology.
Rajeshwri Panchal
 
PDF
State-Dependent Conformal Perception Bounds for Neuro-Symbolic Verification
Ivan Ruchkin
 
PDF
Generative AI vs Predictive AI-The Ultimate Comparison Guide
Lily Clark
 
PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
Priyanka Aash
 
PDF
How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdf
Stryv Solutions Pvt. Ltd.
 
PPTX
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
PPTX
Agentic AI in Healthcare Driving the Next Wave of Digital Transformation
danielle hunter
 
PDF
The Future of Artificial Intelligence (AI)
Mukul
 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
PDF
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
PPTX
Applied-Statistics-Mastering-Data-Driven-Decisions.pptx
parmaryashparmaryash
 
PDF
Presentation about Hardware and Software in Computer
snehamodhawadiya
 
PDF
introduction to computer hardware and sofeware
chauhanshraddha2007
 
PDF
TrustArc Webinar - Navigating Data Privacy in LATAM: Laws, Trends, and Compli...
TrustArc
 
PPTX
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
PDF
MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdf
Neo4j
 
PPTX
Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...
AndreeaTom
 
Agile Chennai 18-19 July 2025 | Workshop - Enhancing Agile Collaboration with...
AgileNetwork
 
NewMind AI Weekly Chronicles – July’25, Week III
NewMind AI
 
The Future of AI & Machine Learning.pptx
pritsen4700
 
AVL ( audio, visuals or led ), technology.
Rajeshwri Panchal
 
State-Dependent Conformal Perception Bounds for Neuro-Symbolic Verification
Ivan Ruchkin
 
Generative AI vs Predictive AI-The Ultimate Comparison Guide
Lily Clark
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
Priyanka Aash
 
How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdf
Stryv Solutions Pvt. Ltd.
 
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
Agentic AI in Healthcare Driving the Next Wave of Digital Transformation
danielle hunter
 
The Future of Artificial Intelligence (AI)
Mukul
 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
Applied-Statistics-Mastering-Data-Driven-Decisions.pptx
parmaryashparmaryash
 
Presentation about Hardware and Software in Computer
snehamodhawadiya
 
introduction to computer hardware and sofeware
chauhanshraddha2007
 
TrustArc Webinar - Navigating Data Privacy in LATAM: Laws, Trends, and Compli...
TrustArc
 
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdf
Neo4j
 
Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...
AndreeaTom
 

Trust, but verify – Bypassing MFA

  • 1. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:1 DefCamp9 - 2018 -
  • 2. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:2 “Trust, but verify” – bypassing MFA Mircea NENCIU Stefan MITROI
  • 3. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: What is MFA Multi-factor authentication (MFA) represents a security system in which individuals are required to authenticate through more than one security and validation procedure.
  • 4. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: History of MFA With the ever increasing use of computer systems, people realized that the information stored was sometimes very confidential in nature. As such, better security was required something that didn’t just reply on the memory of the user, something that was harder to give away by mistake or could be extracted as a result of database breaches.
  • 5. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Authentication factors  MFA is a method of granting access after confirming the identity of the user by validating two or more claims presented, each from a different category
  • 6. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Authentication factors  Something you know  Something you have  Something you are
  • 7. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Deployment modules  Something you know  Password  Passphrase  Pin  Secret questions
  • 8. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Deployment modules  Something you have  Phone(call/SMS)  Soft token  Hard token
  • 9. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Something you are  Something you are  Fingerprint  Voice recognition  Facial recognition
  • 10. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Challenges  Cost  Confidentiality  Availability  Compatibility  User convenience
  • 11. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Meet Dave
  • 12. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Securing Dave
  • 13. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Security Incidents
  • 14. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: POC
  • 15. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: POC
  • 16. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Bypassing SPAM filters  Most popular enterprise email solution Outlook/Office365  Moving from an “on-prem” exchange to a hybrid or full cloud model  test@[domain].com vs test@[domain.]onmicrosft.com
  • 17. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Bypassing SPAM filters
  • 18. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Check compatibility  Understand the network  Legacy protocols  Modern Authentication  Continual service improvement
  • 19. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: Q&A
  • 20. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: THANK YOU!