>
Episode_02
Man-in-the-Middle:
Bypassing Microsoft 365 MFA with evilginx
Watch the replay
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Watch now
About this session
On-demand | Replay
Our incident response team continues to see adversaries use man-in-the-middle attacks to bypass MFA and access critical data; the targets range from rideshare applications to billion-dollar-gaming companies.
In this episode of Varonis Attack Sims, our security analyst performs an attack with evilginx to steal data from Microsoft 365, then show you how to use DatAlert to detect and respond. You’ll even get a chance to check out Varonis for Microsoft 365.
During this Attack Sims, we will:
- We trick a user into entering creds into our fake M365 login page (made with evilginx)
- We request Microsoft send a passcode to the user’s phone
- The user then enters their passcode on OUR fake page
- We hijack the user’s session token
- From there, we gain access to SharePoint Online environment and exfiltrate data from M365
- We pivot to on-prem and steal the CEO’s emails (because why not??)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Register now
Ed Lin
Ed Lin is a Security Architect on Varonis’ Incident Response team. Since joining the IR team, Ed has helped customers integrate Varonis into their security ecosystems so that they can effectively detect and respond to cyber threats. Ed has a cybersecurity analyst background working with both cloud and on-prem environments, with a focus in incident response and data protection. Outside of cybersecurity, Ed enjoys skateboarding, playing guitar, and spending time outdoors.