Attack Disruption: Live Demo

Views: 1,147

Microsoft Security Community

1 day ago

Comments: 4
@delefagbemi6335 1 month ago
Dope!
@Daniel-n7b7d 1 month ago
I'm unclear here, how did the MFA prompt come up? They won't have access to our tenant, and the MFA (passwordless) is added to the Authenticator, so creating that secure link to our tenant. If the user clicks on the link and then authenticates, how is that somehow making the MFA work? I'm confused... Also, forwarding is globally disabled? I see what you're trying to show here, but not sure if this is possible if you're on the new Authentication Strengths and email forwarding is disabled and PIM implemented.
@AllShowDE 1 month ago
With the AiTM phishing as shown here, the whole login is in real time. The login occurs on the attacker's side and the frontend you see as the user is just proxied. You send the user + pass to the AiTM infrastructure, which is logging in in real time. When MFA is enforced, this will also be proxied back to you to perform. Imagine performing a real sign-in on your device and the attacker steals the cookie from your browser; now think the other way around: you are signing in on the attacker's machine. As seen in this video, MFA via Authenticator (incl. number matching) works. The user receives a real push notification and logs in as usual; afaik this would be the same for passwordless with Authenticator (just without the password step). Since the login happens on the attacker's infrastructure, the attacker can save the session token. This enables reusing the token/session as shown. To combat AiTM, I would recommend using phishing-resistant MFA, which would need to be enforced via Conditional Access & Authentication Strength. You could also enforce a joined/compliant device, which the attacker can't match. AiTM (as of now) does not work with FIDO2. You can't authenticate with your enrolled FIDO2 Entra ID credential to a third-party website, since the domain/server (login.microsoftonline.com) is verified before each authentication attempt.
@Daniel-n7b7d 1 month ago
@AllShowDE Ah nice one, I get it now: you log in, they hijack the token and then continue the journey as normal. We're definitely doing compliant devices (some hybrid) and we have now removed network locations. Can't see us going FIDO2, but I can replace that with WHfB on compliant devices and Endpoint Security with a medium severity, so if people get phished the device is placed in non-compliance and there's no access to the data until resolved... I'm trying my best to protect my customers, but I feel it will be a never-ending journey. Just want to say thanks ❤❤ for this video, it really helped me!!! Damn, I love my job!!!!