
How attackers can bypass phishing-resistant MFA | Use these protections! 

T-Minus365

In previous videos, I've talked about how passkeys are one of the strongest forms of MFA that you could roll out in an organization, given that they are considered phishing-resistant and can protect us against threats like a man-in-the-middle attack. It's unlikely that many of us have reached a maturity level where we can look at rolling out passkeys to our customers, but I wanted to make this video to show how users can still be breached in Microsoft 365 even with this form of MFA in place. The example of the breach I am going to show is something I have seen in real life at an organization that I have consulted with in the past. In their case, they transferred 530k to a fraudulent bank account after having multiple users compromised within the organization. I will also share my thoughts on how you can protect yourself from this attack by leveraging various security protections native to Microsoft 365.
🚀 What You'll Learn: Real-Life Applications: See firsthand how attackers can bypass even phishing-resistant MFA via a pass-the-cookie attack.
💡 Why Read? Identify protections you can put into place today that exist in your native licensing with Microsoft 365.
Blog: tminus365.com/how-attackers-c...
What I cover:
-Cookie Hijacking in M365
-Persistence techniques
-Inbox rule manipulation
-Conditional Access Policy protections
-Connecting alerts to PSA

Published: 18 Jun 2024

Comments: 15
@Sergio-Here-In-Community
Amazing material... These are real-case scenarios.
@fbifido2
Or why can't the session token be TPM-bound? If the TPM that helps create that token is missing or disabled, then that session token should be unusable.
@DhavalBrahmbhatt2627
So what I learned is that there is actually no protection against a session cookie replay attack. One thing that boggles my mind is how easy it is and how ridiculously it laughs in the face of all the protections IT admins can put in place. After all this, your users are still the weakest link and you have nothing to protect yourselves against. The other thing is (again, because I don't understand how cookies work), why the hell are these cookies in plain text? Shouldn't they be encrypted?