AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
The Defender's Advantage Podcast
How Threat Actors Bypass Multi-Factor Authentication
Sep 26, 2024
Josh Fleischer, a Principal Security Analyst with Mandiant's Managed Defense organization, dives into the alarming trends of multi-factor authentication (MFA) bypass in this discussion. He reveals how adversary in the middle attacks exploit vulnerabilities, particularly through advanced phishing tactics. Josh highlights the rise of 'phishing as a service,' automation in spear phishing, and the risks posed by QR codes. He emphasizes the critical need for robust MFA solutions amid evolving threats and shares insights on detecting and remediating digital threats.
27:20
Episode guests
AI Summary
Highlights
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Adversary in the Middle (AiTM) attacks utilize proxy servers to intercept communications and exploit MFA vulnerabilities, leading to credential theft.
- The increasing sophistication of phishing techniques, such as QR code phishing, highlights the urgent need for organizations to enhance their security measures.
Deep dives
Understanding Adversary in the Middle Techniques
Adversary in the Middle (AITM) is a sophisticated phishing attack that leverages a proxy server to intercept and manipulate communications between a victim and a legitimate authentication service. This approach allows attackers to collect user credentials and access tokens after a victim completes their login and multi-factor authentication (MFA). AITM exploits vulnerabilities by displaying custom branding that mimics legitimate services, increasing the likelihood of users unwittingly providing their sensitive information. As organizations increasingly implement MFA, AITM continues to evolve, highlighting the necessity for robust security measures that can resist such advanced tactics.
Get the Snipd
podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any
moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share
& Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode