Ryan OBoyle

Ryan O'Boyle

Security Analyst Team Lead, Varonis

During this training session, our security analysts will execute the attack scenario in our lab. Here’s an outline of how the attack works:

  • We trick a user into entering creds into our fake O365 login page (made with evilginx)
  • We make Microsoft send a passcode to the user’s phone
  • User enters their passcode on OUR fake page
  • We hijack the user’s session token
  • Gain access to SharePoint Online environment
  • Exfiltrate data from O365
  • Pivot to on-prem and steal CEO’s emails (because why not?)
Our Clients