BSides Philly 2017 - MFA: It's 2017 and You're Still Doing It Wrong
December 13, 2017 | Posted in Red Teams by Chris Salerno, Dan Astor
Security Risk Advisors is proud to have been a Platinum Sponsor at BSides Philly on Friday, December 8th. In addition to continued involvement in and support for the BSides organization, Security Risk Advisors' Chris Salerno and Dan Astor also presented on Multi-Factor Authentication best practices, and areas for improvement. The presentation is available to watch on YouTube, and the slides are available on SlideShare.
Presented at BSides Philadelphia, December 8, 2017
We can all agree that having single-factor remote access gateways (VPN, Citrix, Remote Apps, etc.) exposed on the internet is a poor decision and a large security risk. These portals can allow a direct connection into the internal corporate environment. Once there, an attacker can begin to identify internal vulnerabilities, move laterally, escalate privileges, persist, and hoover out all the data they want. Fortunately, these portals are increasingly behind a multi-factor solution (phone call, hard/soft token, certificate, etc.). While this does help to reduce the attack surface from a direct brute force (username and password), there are often overlooked options or misconfigurations that can allow an attacker to bypass this solution or directly disrupt business operations. In this talk we’ll be covering methods that we’ve used to bypass MFA solutions to obtain internal network access from the internet.
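The two risks the abstract names, password brute force against an internet-facing gateway and logins that succeed without a second factor actually being verified, are both visible in gateway authentication logs if someone looks. The following is an added example written for this page, not code from the talk or from Security Risk Advisors: it runs two detections over a constructed JSON-lines log. The log format, the field names (`ts`, `user`, `src`, `gateway`, `result`, `mfa`) and the `mfa` values (including the hypothetical `skipped_bypass_group`, standing in for an exemption-style misconfiguration) are all assumptions; map them onto whatever your own gateway actually emits.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample gateway log (not output from any real product).
# One JSON object per line; six rapid failures for "bob" from one source,
# and two "successes" where no second factor was verified.
SAMPLE_LOG = """
{"ts":"2017-12-08T09:00:01Z","user":"alice","src":"203.0.113.10","gateway":"vpn-1","result":"success","mfa":"push_approved"}
{"ts":"2017-12-08T09:00:05Z","user":"bob","src":"198.51.100.7","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
{"ts":"2017-12-08T09:00:20Z","user":"bob","src":"198.51.100.7","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
{"ts":"2017-12-08T09:00:40Z","user":"bob","src":"198.51.100.7","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
{"ts":"2017-12-08T09:01:00Z","user":"bob","src":"198.51.100.7","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
{"ts":"2017-12-08T09:01:30Z","user":"bob","src":"198.51.100.7","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
{"ts":"2017-12-08T09:02:00Z","user":"bob","src":"198.51.100.7","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
{"ts":"2017-12-08T09:03:00Z","user":"carol","src":"198.51.100.7","gateway":"citrix-1","result":"success","mfa":"none"}
{"ts":"2017-12-08T09:04:00Z","user":"dave","src":"203.0.113.55","gateway":"vpn-1","result":"success","mfa":"skipped_bypass_group"}
{"ts":"2017-12-08T09:04:30Z","user":"erin","src":"203.0.113.77","gateway":"vpn-1","result":"success","mfa":"token_ok"}
{"ts":"2017-12-08T09:05:00Z","user":"alice","src":"203.0.113.10","gateway":"vpn-1","result":"fail","mfa":"not_attempted"}
"""

# Assumed set of mfa values that mean a second factor was actually verified.
# Anything else on a successful login is a single-factor success and needs a look.
MFA_VERIFIED = {"push_approved", "token_ok", "cert_ok"}


def parse_events(text):
    """Parse JSON-lines gateway events; timestamps become datetime objects."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def single_factor_successes(events):
    """Successful gateway logins where no second factor was verified.

    This is the detection for the 'overlooked option or misconfiguration'
    case: the gateway is supposed to enforce MFA, yet it let a session in
    on password alone (exemption group, disabled policy, fallback path)."""
    return [e for e in events
            if e["result"] == "success" and e["mfa"] not in MFA_VERIFIED]


def brute_force_sources(events, threshold=5, window=timedelta(minutes=5)):
    """(src, user) pairs with >= threshold failures inside any sliding window.

    Returns a dict mapping the pair to the largest failure count seen in
    a single window, so the caller can see how aggressive the source was."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "fail":
            failures[(e["src"], e["user"])].append(e["ts"])
    hits = {}
    for key, times in failures.items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


def report(text):
    """Run both detections over a raw log and summarise the findings."""
    events = parse_events(text)
    sf = single_factor_successes(events)
    bf = brute_force_sources(events)
    return {
        "single_factor_success_count": len(sf),
        "single_factor_users": [(e["user"], e["gateway"], e["mfa"]) for e in sf],
        "brute_force_pairs": bf,
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the constructed log, the single-factor check flags `carol` (MFA recorded as `none`) and `dave` (the hypothetical bypass group), while `alice` and `erin` pass; the brute-force check flags `bob` from `198.51.100.7` with six failures in one window and ignores `alice`'s lone failure. The useful part in practice is the first function: a password-spray alert is routine, but a success with no verified factor on a gateway you believe is MFA-protected is exactly the configuration gap the talk is about, and it is only findable if the gateway logs which factor was checked.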