
Trust, but verify – Bypassing MFA

Presented by Mircea Nenciu and Stefan Mitroi in Bucharest, Romania, on November 8-9, 2018, at DefCamp #9.

The videos and other presentations can be found on https://def.camp/archive


  1. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution: DefCamp9 - 2018
  2. “Trust, but verify” – bypassing MFA. Mircea NENCIU, Stefan MITROI
  3. What is MFA: Multi-factor authentication (MFA) is a security system in which individuals are required to authenticate through more than one security and validation procedure.
  4. History of MFA: With the ever-increasing use of computer systems, people realized that the information stored was sometimes very confidential in nature. As such, better security was required: something that didn’t just rely on the memory of the user, something that was harder to give away by mistake or to extract as a result of database breaches.
  5. Authentication factors
     • MFA is a method of granting access after confirming the identity of the user by validating two or more claims presented, each from a different category
  6. Authentication factors
     • Something you know
     • Something you have
     • Something you are
  7. Deployment modules: Something you know
     • Password
     • Passphrase
     • PIN
     • Secret questions
  8. Deployment modules: Something you have
     • Phone (call/SMS)
     • Soft token
     • Hard token
  9. Something you are
     • Fingerprint
     • Voice recognition
     • Facial recognition
  10. Challenges
     • Cost
     • Confidentiality
     • Availability
     • Compatibility
     • User convenience
  11. Meet Dave
  12. Securing Dave
  13. Security Incidents
  14. POC
  15. POC
  16. Bypassing SPAM filters
     • Most popular enterprise email solution: Outlook/Office365
     • Moving from an “on-prem” Exchange to a hybrid or full cloud model
     • test@[domain].com vs test@[domain].onmicrosoft.com
  17. Bypassing SPAM filters
  18. Check compatibility
     • Understand the network
     • Legacy protocols
     • Modern Authentication
     • Continual service improvement
  19. Q&A
  20. THANK YOU!