This document discusses multi-factor authentication (MFA) and methods for bypassing it. It defines MFA as requiring more than one validation procedure to authenticate individuals. It describes the different factors of authentication as something you know, something you have, and something you are. It outlines various deployment modules for each factor type, including passwords, tokens, biometrics. It also covers challenges of MFA implementation and methods attackers could use to bypass MFA security, such as email filtering or legacy protocol exploitation.

1. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:1
DefCamp9
- 2018 -

2. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:2
“Trust, but verify”
– bypassing MFA
Mircea NENCIU
Stefan MITROI

3. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
What is MFA
Multi-factor
authentication (MFA)
represents a security
system in which
individuals are required
to authenticate through
more than one security
and validation
procedure.

4. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
History of MFA
With the ever increasing use of computer systems, people realized
that the information stored was sometimes very confidential in
nature. As such, better security was required something that didn’t
just reply on the memory of the user, something that was harder to
give away by mistake or could be extracted as a result of database
breaches.

5. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Authentication factors
 MFA is a method of granting access after confirming
the identity of the user by validating two or more
claims presented, each from a different category

6. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Authentication factors
 Something you know
 Something you have
 Something you are

7. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Deployment modules
 Something you know
 Password
 Passphrase
 Pin
 Secret questions

8. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Deployment modules
 Something you have
 Phone(call/SMS)
 Soft token
 Hard token

9. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Something you are
 Something you are
 Fingerprint
 Voice recognition
 Facial recognition

10. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Challenges
 Cost
 Confidentiality
 Availability
 Compatibility
 User convenience

11. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Meet Dave

12. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Securing Dave

13. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Security Incidents

14. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
POC

15. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
POC

16. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Bypassing SPAM filters
 Most popular enterprise email solution
Outlook/Office365
 Moving from an “on-prem” exchange to a hybrid or
full cloud model
 test@[domain].com vs test@[domain.]onmicrosft.com

17. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Bypassing SPAM filters

18. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Check compatibility
 Understand the network
 Legacy protocols
 Modern Authentication
 Continual service improvement

19. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
Q&A

20. Classification: //Secureworks/Public Use:© SecureWorks, Classification: //Secureworks/Confidential - Limited External Distribution:
THANK YOU!