Mircea Nenciu is a Senior Advisor – Technical Team Lead within SecureWorks. Mircea holds a CISSP certification since 2017. With a background in law enforcement, Mircea specializes in incident response, threat hunting, threat intelligence and UEBA.

He is a believer in committing oneself to excellence and his greatest satisfaction is helping others grow.

Trust, but verify – Bypassing MFA

Ever wonder why phishing is still ranked as a top Cybersecurity Attack when more and more companies implement MFA? Why are we not seeing a significant drop in this attack vector? How are users accounts still getting compromised even when MFA is implemented? Unfortunately this type of activity still exploits the most vulnerable piece in the information security defense: the user.

In order to better understand this situation we must first understand what MFA is, what it’s based on and how it’s implemented in a large scale environment. With the ever increasing focus on confidentiality of the data it was realized that better security was needed, something that didn’t just rely on the memory of the user but something that was harder to obtain (something the user has or something the user is).

This talk will present the basics of the MFA and deep-dive on how can this be bypassed in order to gain access to the user’s account.

This presentation is co-presented with Stefan Mitroi, InfoSec Team Lead at Secureworks