CPE Cyber Attack Lab #3

Office 365 Man-in-the-Middle Attack Lab

Wed, March 3 | 10:00 am EST

Our incident response team is seeing an uptick in adversaries using a very tricky man-in-the-middle attack to bypass MFA and breach Office 365 tenants.

Can't attend? Register anyway - the session will be recorded and distributed to all registrants! If you would like ISC2 CPE credits for attending, please make sure to submit your ISC2 member number in the form.

+1 CPE

Register Now

About this webinar

Here’s an outline of how the attack works:

We trick a user into entering creds into our fake O365 login page (made with evilginx)
We make Microsoft send a passcode to the user’s phone
User enters their passcode on OUR fake page
We hijack the user’s session token
Gain access to SharePoint Online environment
Exfiltrate data from O365
Pivot to on-prem and steal CEO’s emails (because why not?)

Ian McIntyre Senior Security Analyst, Varonis

Ian McIntyre is a Senior Security Analyst on the Security Architecture and Incident Response team at Varonis. In his position at Varonis, Ian helps customers understand and implement the full scope of Varonis’ detection and alerting capabilities, as well as assisting customers through cybersecurity investigations. Specific areas of interest include training SOC teams on how to analyze and triage Varonis alerts, and building full activity timelines of suspected insider threats.

"Having Varonis is a continually eye-opening -- and sometimes alarming -- experience. A few months ago, a non-HR user opened up an HR folder that contained sensitive employee salary information. With Varonis, I was able to track down the user and review exactly what they had accessed and changed."

Infrastructure Manager, US Federal Credit Union

Want to see Varonis in action?