CPE Cyber Attack Lab

Office 365 Man-in-the-Middle Attack Demo

Wed, February 02 | 12:00 PM EST

Our incident response team is seeing an uptick in adversaries using a very tricky man-in-the-middle attack to bypass MFA and breach Office 365 tenants.

Our security analyst, will give a brief tour of Varonis for Office 365, execute the attack, and show you how to use DatAlert to detect and respond.

+1 CPE

Register Now

Here’s an outline of how the attack works:

We trick a user into entering creds into our fake O365 login page (made with evilginx)
We make Microsoft send a passcode to the user’s phone
User enters their passcode on OUR fake page
We hijack the user’s session token
Gain access to SharePoint Online environment
Exfiltrate data from O365
Pivot to on-prem and steal CEO’s emails (because why not?)

Raphael Kelly Security Analyst Team Lead, Varonis

Raphael Kelly, GCIH is a Team Lead for the Incident Response and Security Architecture team at Varonis. Raphael has an consulting and automation background with experience in IT infrastructure, Incident Response, and Data Protection. Varonis’ team of security professionals provide complementary Incident Response services to all existing customers. In addition, they work with customers to operationalize the Varonis Data Security Platform and integrate Varonis into the security ecosystem.

"Having Varonis is a continually eye-opening -- and sometimes alarming -- experience. A few months ago, a non-HR user opened up an HR folder that contained sensitive employee salary information. With Varonis, I was able to track down the user and review exactly what they had accessed and changed."

Infrastructure Manager, US Federal Credit Union

Want to see Varonis in action?