Talk With an Expert

Breaking the Lock: How MFA Can Still Be Defeated

  • Thu, May 15, 2025
  • 10:30AM - 11:30AM UTC
  • English
  • Jean-François Maes
  • Technical Presentation
Webcast Hero

Multi-Factor Authentication (MFA) is often hailed as the gold standard for securing online accounts – but is it truly unbreakable? Join us for a live webcast where we pull back the curtain on the real-world vulnerabilities that attackers are exploiting to bypass MFA protections. In this session we’ll break down the fundamentals of MFA before diving into the darker side – how modern adversaries are defeating it using sophisticated techniques. We’ll explore:

  • SIM Swap Attacks: How attackers hijack phone numbers to intercept MFA codes.
  • Voice Cloning: The emerging threat of synthetic voices tricking phone-based verification systems.
  • Reverse Proxy Attacks with Evilginx: A deep dive into how man-in-the-middle frameworks can transparently phish credentials and session tokens, rendering MFA useless.

As a highlight, we’ll showcase a live demo using Phisherman, a demo application that is featured in SEC565: Red Team Operations and Adversary Emulation and open sourced to the world, showing exactly how attackers capture credentials and MFA tokens in real-time. Whether you're a security professional, developer, or just MFA-curious – this session will change the way you view account security. Spoiler alert – MFA is not a silver bullet.

Live Q&A: Bring your questions and your skepticism – we’re ready.

Meet the speaker

Jean-François Maes
Jean-François Maes

Jean-François Maes

Director of Offensive Security

European director of advanced assessment at Neuvik, specializing in penetration testing, red teaming, and adversary emulation. Passionate open-source contributor with extensive experience in offensive security technologies.

Read more about Jean-François Maes