CPE Cyber Attack Lab #3

Office 365 Man-in-the-Middle Attack Demo

Wed, Oct 21 | 10:00 AM SGT

Our incident response team is seeing an uptick in adversaries using a very tricky man-in-the-middle attack to bypass MFA and breach Office 365 tenants.

We will give a brief tour of Varonis for Office 365, execute the attack, and show you how to use DatAlert to detect and respond.

Can't attend? Register anyway - the session will be recorded and distributed to all registrants! If you would like ISC2 CPE credits for attending, please make sure to submit your ISC2 member number in the form.

+1 CPE

Register Now

About this webinar

Here’s an outline of how the attack works:

  • We trick a user into entering creds into our fake O365 login page (made with evilginx)
  • We make Microsoft send a passcode to the user’s phone
  • User enters their passcode on OUR fake page
  • We hijack the user’s session token
    Gain access to SharePoint Online environment
  • Exfiltrate data from O365
  • Pivot to on-prem and steal CEO’s emails (because why not?)
Antonio Soriano Engineer, Varonis

Antonio possesses over 19 years of experience in ICT focusing on IT Security, IT Infrastructure and R&D Lab. For the past 7 years, Antonio has been focusing on helping organizations address the business issues with respect to data privacy, security, and management in APAC and South Korea region. Prior to joining Varonis, he has previously held positions in Dell/EMC (Singapore), Wincor-Nixdorf (Singapore) and Jollibee Foods Corporation (Philippines) from end-user, technical lead to infra manager.


Infrastructure Manager, US Federal Credit Union

Want to see Varonis in action?