We will discuss failure modes of advanced authentication and show exploit bypasses of multifactor auth systems. From there, we will provide pragmatic means for defense of credential systems, including normalizing credential defense, baselines, credential reset engineering, and architecture of a "credential firewall" so that network firewalls aren't bypassed by unsafe credential practices.

RSA® Conference, the world’s leading information security conferences and expositions, concluded its 30th annual event, which took place as a fully virtual experience this week. This year’s theme was Resilience, and in honor of all that the cybersecurity industry has accomplished over the past three decades, offered a must-attend celebration of thought leadership and education.


More than 20,000 people registered to view 449 sessions including, keynotes, track sessions, interactive programs, tutorials, seminars, and many special digital-first programs that focused on best practices and innovation. The content covered many of the industry’s most pressing topics, including privacy, machine learning and artificial intelligence, analytics, anti-fraud, policy and government, and risk management and governance.

Purple Team Auth: Hacking & Bypassing MFA Systems, and How to Armor Up

Conference: RSA Conference 2021

Abstract

Post a comment

Related work

Hi! I'm DOMAIN\Steve, please let me access VLAN2

Deep Dive into an ICS Firewall, Looking for the Fire Hole

A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS

PPLdump Is Dead. Long Live PPLdump!

I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit

Greetings from the '90s: Exploiting the Design of Industrial Controllers in Modern Settings