Breaking the Lock: How MFA Can Still Be Defeated
Multi-Factor Authentication (MFA) is often hailed as the gold standard for securing online accounts – but is it truly unbreakable? Join us for a live webcast where we pull back the curtain on the real-world vulnerabilities that attackers are exploiting to bypass MFA protections. In this session we’ll break down the fundamentals of MFA before diving into the darker side – how modern adversaries are defeating it using sophisticated techniques. We’ll explore:
- SIM Swap Attacks: How attackers hijack phone numbers to intercept MFA codes.
- Voice Cloning: The emerging threat of synthetic voices tricking phone-based verification systems.
- Reverse Proxy Attacks with Evilginx: A deep dive into how man-in-the-middle frameworks can transparently phish credentials and session tokens, rendering MFA useless.
As a highlight, we’ll showcase a live demo using Phisherman, a demo application that is featured in SEC565: Red Team Operations and Adversary Emulation and open sourced to the world, showing exactly how attackers capture credentials and MFA tokens in real-time. Whether you're a security professional, developer, or just MFA-curious – this session will change the way you view account security. Spoiler alert – MFA is not a silver bullet.
Live Q&A: Bring your questions and your skepticism – we’re ready.
