Two-Factor, Too Furious: Subverting (and Protecting) Multi-factor Authentication

Logo
Presented by

Austin Baker, Sr. Consultant (Mandiant), Patrick Charbonneau, Consultant (Mandiant)

About this talk

Multi-Factor Authentication (MFA) is the standard for protecting sensitive systems and credentials. What once was limited to physical tokens and keycodes has expanded into digital tokens, phone applications, and password vaults, all in the effort to offer additional safeguards for critical access points like VPN connectivity and system administrator accounts. While MFA is now an industry-standard security practice, monitoring and protecting these implementations from exploitation is not widely practiced. Gathered from the trenches of both our Incident Responders and Red Teamers, here is a quick introduction to the problems faced with common MFA systems, the ways real-world attackers (e.g. APT28 & ATP29) and our Red Team have bypassed or subverted them, and some techniques your team can use to further protect the multi-factor keys to your kingdom. Register today to learn from our experts.

Related topics:

More from this channel

Upcoming talks (6)
On-demand talks (423)
Subscribers (81169)
Mandiant provides public and private organizations and critical infrastructure worldwide with early threat insights through unmatched intelligence and response expertise for the highest-profile incidents.