Breaking the Lock: How MFA Can Still Be Defeated

Multi-Factor Authentication (MFA) is often hailed as the gold standard for securing online accounts – but is it truly unbreakable? Join us for a live webcast where we pull back the curtain on the real-world vulnerabilities that attackers are exploiting to bypass MFA protections. In this session we’ll break down the fundamentals of MFA before diving into the darker side – how modern adversaries are defeating it using sophisticated techniques. We’ll explore:

  • SIM Swap Attacks: How attackers hijack phone numbers to intercept MFA codes.
  • Voice Cloning: The emerging threat of synthetic voices tricking phone-based verification systems.
  • Reverse Proxy Attacks with Evilginx: A deep dive into how man-in-the-middle frameworks can transparently phish credentials and session tokens, rendering MFA useless.

As a highlight, we’ll showcase a live demo using Phisherman, a demo application that is featured in SEC565: Red Team Operations and Adversary Emulation and open sourced to the world, showing exactly how attackers capture credentials and MFA tokens in real-time. Whether you're a security professional, developer, or just MFA-curious – this session will change the way you view account security. Spoiler alert – MFA is not a silver bullet.

Live Q&A: Bring your questions and your skepticism – we’re ready.