How attackers can bypass phishing-resistant MFA | Use these protections!

T-Minus365 June 19, 2024

About

My name is Nick Ross and I am currently the CEO at CloudCapsule, a tool designed to automate your Microsoft 365 Security Assessments. I am also a Microsoft MVP and have been blogging on content for SMB for more than 5 years. I created T-Minus 365 to demystify complex topics around Microsoft and provide security best practices. Prior to my current position at CloudCapsule, I was the VP of Product at an MSP from Long Island, Sourcepass. I was also the CTO for a Managed Service Provider (MSP), Summit Technology, based out of Salt Lake City. I also dedicated a significant part of my career to Pax8, a well-recognized cloud distributor in the space. During my time there, I was part of the product team, helping develop Microsoft and Professional Services Automation (PSA) tool integrations.

Video Description

In previous videos, I’ve talked about how Passkeys are one of the strongest forms of MFA that you could roll out in an organization, given that they are considered phishing-resistant and can protect us against threats like a man-in-the-middle attack. It’s unlikely that many of us have reached a maturity level where we can look at rolling out passkeys to our customers, but I wanted to make this video to show how users can still be breached in Microsoft 365 even with this form of MFA in place.

The example I am going to show of the breach is something I have seen in real life from an organization that I have consulted with in the past. In their case, they transferred 530k to a fraudulent bank account after having multiple users compromised within the organization. I will also share my thoughts on how you can protect yourself from this attack leveraging various security protections native in Microsoft 365.

🚀 What You'll Learn: Real-Life Applications: See firsthand how attackers can bypass even phishing-resistant MFA via a pass-the-cookie attack.

💡 Why Read? Identify protections you can put into place today that exist in your native licensing with Microsoft 365.

Blog: https://tminus365.com/how-attackers-can-bypass-phishing-resistant-mfa/

What I cover:
- Cookie Hijacking in M365
- Persistence techniques
- Inbox rule manipulation
- Conditional Access Policy protections
- Connecting alerts to PSA
