Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing

Modern Multi-Factor Authentication Bypass Techniques: A Taste of SANS SEC660

  • Wed, Apr 2, 2025
  • Duration: 1 Hour
  • English
  • James Shewmaker
  • Technical Presentation
Login to register
Webcast Hero

With the proliferation of multi-factor authentication, penetration testers need to apply existing tooling to manipulate even internal applications. Building attack infrastructure internally during a penetration test is resource exhausting, but modern tools like Evilginx can do most of the heavy lifting for us.

This webcast will cover an excerpt from SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking™, using Evilginx to bypass internal application authentication.

There are many examples of public MFA bypass attacks, such as manipulating credentials from Office365. Here, we will discuss and demonstrate such an attack, resulting in pivoting internally into an administrative console.

This webcast supports content and knowledge from SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking™. To learn more about this course, explore upcoming sessions, and access your FREE preview, click here.

Meet Your Speaker

James Shewmaker
James Shewmaker

James Shewmaker

Founder and Principal Consultant at Bluenotch Corporation

Learn offensive operations, exploit development, and penetration testing from SANS Principal Instructor James Shewmaker, founder of Bluenotch Corporation and contributor to SEC660, NetWars, and advanced cyber range training environments.

Read more about James Shewmaker