• General

    How Attackers can bypass Conditional Access

    During the development of the access concept for Microsoft 365 solutions, access scenarios were planned, dependencies discussed, roadmaps drawn up, users informed, and so on. When I think back to those appointments, I often say that multifactor authentication is secure, and there is no way around it. 2021 I was proven wrong By joining dinext. pi-sec, I had the task of taking a closer look at a hacking tool and testing it. The findings of this test should influence my approaches to Conditional Access until today. The tool is called Evilginx2. What is EvilGinx2? The tool is a man-in-the-middle attack framework and can be used to phish credentials and session…