A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes - Austin Baker, Doug Bienstock Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Austin Baker, Doug Bienstock
Derbycon 2018

Multifactor authentication is often the first (and too often, the last) line of defense against motivated attackers trying to get access to sensitive data. While is it correctly hailed as a cornerstone of in-depth network defense, adoption rates are outpacing education about the real-world attack scenarios levied against MFA schemes everyday. Here, we present an attempt at a modern threat model of MFA schemes today, with a breakdown of both classic and novel tools and techniques and what security teams responsible with enforcing MFA can do about it.

Austin Baker started his career in InfoSec learning the ways of Digital Forensics and Incident Response. Then, he learned it was way more fun learning to do break things than how to put them back together. Since then, he's been a practicing Red Team member at Mandiant, helping secure organizations by pretending to be one of the bad guys. Doug Bienstock splits his time at Mandiant performing Incident Response and Red Team work. He uses lessons learned from IRs to better simulate attacker techniques and aid organizations stay ahead of the bad guys.

@doughsec

Back to Derbycon 2018 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast