Episode_02

Man-in-the-Middle:
Bypassing Microsoft 365 MFA with evilginx


About this session

On-demand | Replay

Our incident response team continues to see adversaries use man-in-the-middle attacks to bypass MFA and access critical data; the targets range from rideshare applications to billion-dollar gaming companies.

In this episode of Varonis Attack Sims, our security analyst performs an attack with evilginx to steal data from Microsoft 365, then shows you how to use DatAlert to detect and respond. You’ll even get a chance to check out Varonis for Microsoft 365.

During this Attack Sims episode, we will:

  • Trick a user into entering creds into our fake M365 login page (made with evilginx)
  • Request that Microsoft send a passcode to the user’s phone
  • Have the user enter their passcode on OUR fake page
  • Hijack the user’s session token
  • From there, gain access to the SharePoint Online environment and exfiltrate data from M365
  • Pivot to on-prem and steal the CEO’s emails (because why not??)

Ed Lin

Ed Lin is a Security Architect on Varonis’ Incident Response team. Since joining the IR team, Ed has helped customers integrate Varonis into their security ecosystems so that they can effectively detect and respond to cyber threats. Ed has a cybersecurity analyst background working with both cloud and on-prem environments, with a focus on incident response and data protection. Outside of cybersecurity, Ed enjoys skateboarding, playing guitar, and spending time outdoors.