accent 1 accent 2
CPE Cyber Attack Lab #3 Replay

Office 365 Man-in-the-Middle Attack Lab


Our incident response team is seeing an uptick in adversaries using a very tricky man-in-the-middle attack to bypass MFA and breach Office 365 tenants.


+1 CPE

Watch Now

About this webinar

Our security analyst, Ryan O’Boyle, will give a brief tour of Varonis for Office 365, execute the attack, and show you how to use DatAlert to detect and respond.

Here’s an outline of how the attack works:
  • We trick a user into entering creds into our fake O365 login page (made with evilginx)
  • We make Microsoft send a passcode to the user’s phone
  • User enters their passcode on OUR fake page
  • We hijack the user’s session token
  • Gain access to SharePoint Online environment
  • Exfiltrate data from O365
  • Pivot to on-prem and steal CEO’s emails (because why not?)
Andres Julian Marin Salavarrieta
Ryan O'Boyle Sr. Manager Cloud Architecture & Operations, Varonis

Ryan O’Boyle, GCIH is a Team Lead for the Incident Response and Security Architecture team at Varonis. Ryan has an engineering background with experience in IT infrastructure, Incident Response, and Data Protection. Varonis’ team of security professionals provide complementary Incident Response services to all existing customers. In addition, they work with customers to operationalize the Varonis Data Security Platform and integrate Varonis into the security ecosystem.

“The level of governance and insight provided by Varonis empowered our team to detect and respond to abnormalities as well as user activity and misconfigurations.”

Al Faella, CTO, Prospect Capital Management

Want to see Varonis in action?