TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Black Hills InfoSec

How to Test Adversary-in-the-Middle Without Hacking Tools

BHIS · 2025-03-24

ATT&CK techniques detected

30 predictions
T1556.006 Multi-Factor Authentication
95%
"in and turn off the extra security. so yeah, i don’t know why but microsoft default configurations are bad and microsoft should feel bad about that. we abuse their default configurations all the time from email spoofing use over direct send. we got a blog post about that steve …"
T1566.002 Spearphishing Link
90%
"about myself. so in the beginning, us attackers, we created an attack called credential harvesting that consisted of us basically setting up a fake login portal of some kind. usually like a fake website. it might be that we had cloned a real website. so it looked just like one of…"
T1111 Multi-Factor Authentication Interception
90%
"it sits in the middle just like it sounds like between our victim and the real login portal. and it passes information back and forth from one to the other. so the victim visits the adversary-in-the-middle server. the server then goes out, makes a request to the real login …"
T1556.006 Multi-Factor Authentication
89%
"know about the attacker’s computer is that the attacker’s computer is always not the computer that the victim is physically using. that in every one of these attacks that computer is somewhere else in the world and it’s not the computer that the victim is actually logging i…"
T1556.006 Multi-Factor Authentication
78%
"is a valid signature for the key that it has the public key for. so it’s able to use that public key to verify the signature. as long as the signature is valid, then that is definitely the user on the other end that is meant to be logging in here. it’s cryptographically secur…"
T1556.006 Multi-Factor Authentication
76%
"multi-factor authentication. both of these attacks are valid ways to go. but the big problem here is it requires doing two separate attacks against the same user because we have to do that initial social engineering attack where we get them to go and log into the site and get t…"
T1556.006 Multi-Factor Authentication
76%
"how effective is mfa fatigue for giving you the access you’re looking for? michael allen it’s extremely effective. that is why i called out the, phone call where you can just press the pound key as letting you into the account as being terrible. the push notifications, where …"
T1566.002 Spearphishing Link
74%
"website, they send a fake multi-factor prompt that asks for whatever the real login portal had just asked the attacker for. could be a push notification, could be again a code, whatever. then the victim does that action on their end and the, the attacker is then allowed into th…"
T1556.006 Multi-Factor Authentication
74%
"it sits in the middle just like it sounds like between our victim and the real login portal. and it passes information back and forth from one to the other. so the victim visits the adversary-in-the-middle server. the server then goes out, makes a request to the real login …"
T1556.006 Multi-Factor Authentication
73%
"-factor tokens, some of which i’ve got listed on the screen. some of them seem complicated and seem secure. for example, passwordless is one that i’ve heard repeated, or mentioned repeatedly that people assume is going to be secure because there’s not a password anymore. t…"
T1566.002 Spearphishing Link
73%
"harvesting page set up just like the traditional credential harvesting page. so this could be a clone of a real login portal. it could be something we’ve made that’s completely unique and just branded to look like whatever it is we want them to log into. but they log into it.…"
T1598.003 Spearphishing Link
72%
"about myself. so in the beginning, us attackers, we created an attack called credential harvesting that consisted of us basically setting up a fake login portal of some kind. usually like a fake website. it might be that we had cloned a real website. so it looked just like one of…"
T1090.002 External Proxy
72%
"like a broad category of attack. you could, you could say, that a lot of other attacks feed into. so this is an attack that adversary-in-the-middle ultimately results in, but that you could also get to this point from other types of attacks too. so that’s a bit of an intr…"
T1556.006 Multi-Factor Authentication
71%
"authenticator app like you see at the bottom right. or it could be any of a number of other types of tokens. those were a couple of the two earliest ones that we saw most frequently. so now user id and password alone were not, not enough for us to get into a lot of the different …"
T1090.002 External Proxy
70%
"s an ip address associated with some cloud service like digitalocean or something like that. well that’s something that’ll work part of the time, but it won’t work all the time. it won’t work for sophisticated attackers that actually know what they’re doing because it d…"
T1111 Multi-Factor Authentication Interception
68%
"harvesting page set up just like the traditional credential harvesting page. so this could be a clone of a real login portal. it could be something we’ve made that’s completely unique and just branded to look like whatever it is we want them to log into. but they log into it.…"
T1556.006 Multi-Factor Authentication
68%
"how to test adversary-in-the-middle without hacking tools how to test adversary-in-the-middle without hacking tools this webcast originally aired on march 13, 2025. in this video, michael allen discusses how to test adversary-in-the-middle attacks without using …"
T1556.006 Multi-Factor Authentication
57%
"’t demo that one. but that is an option for some services, not for all. so the next steps here are. well okay, so we’ve figured out how to identify the multi-factor authentication that’s weak. how do we identify it in our environment and fix the weak multi-factor that’…"
T1556.006 Multi-Factor Authentication
54%
"network when they’re on site, in the office or from the vpn. so that would prevent this attack from working because again the login always happens from the attacker’s computer. so if the attacker can no longer log in from their computer, neither can we. that solves this probl…"
T1556.006 Multi-Factor Authentication
54%
"is exactly what happens. i didn’t give joseph any information that he would not get if he was using evilginx, modlishka, cuttlefish, evilnovnc, any of those other tools that i showed because i was seeing his screen on the webcast. and in every one of those cases the victim …"
T1556.006 Multi-Factor Authentication
53%
"application then sends back this session token. the browser holds onto that session token and it sends it in every request from then on. and every time the application sees that token it knows, okay, this is that user that signed in before, so i should give them access to their a…"
T1621 Multi-Factor Authentication Request Generation
52%
"how effective is mfa fatigue for giving you the access you’re looking for? michael allen it’s extremely effective. that is why i called out the, phone call where you can just press the pound key as letting you into the account as being terrible. the push notifications, where …"
T1090.003 Multi-hop Proxy
47%
"s an ip address associated with some cloud service like digitalocean or something like that. well that’s something that’ll work part of the time, but it won’t work all the time. it won’t work for sophisticated attackers that actually know what they’re doing because it d…"
T1621 Multi-Factor Authentication Request Generation
43%
"is exactly what happens. i didn’t give joseph any information that he would not get if he was using evilginx, modlishka, cuttlefish, evilnovnc, any of those other tools that i showed because i was seeing his screen on the webcast. and in every one of those cases the victim …"
T1111 Multi-Factor Authentication Interception
41%
"how to test adversary-in-the-middle without hacking tools how to test adversary-in-the-middle without hacking tools this webcast originally aired on march 13, 2025. in this video, michael allen discusses how to test adversary-in-the-middle attacks without using …"
T1090.002 External Proxy
39%
"mobile phone, whatever, to make a web request to our server. our server then sends its own web request out to the real login portal. it gets back html data, whatever other web data back from that login portal, sends it to the victim. and this goes back and forth just like that. s…"
T1556.006 Multi-Factor Authentication
39%
"login on a computer that is not the computer where the user is sitting. so therefore if someone can log into your account on a physically remote computer with your help, like obviously if they could do it without your help that would be a problem. but even if they can do it with …"
T1111 Multi-Factor Authentication Interception
38%
"authenticator app like you see at the bottom right. or it could be any of a number of other types of tokens. those were a couple of the two earliest ones that we saw most frequently. so now user id and password alone were not, not enough for us to get into a lot of the different …"
T1556.006 Multi-Factor Authentication
37%
"only shortcoming there really was that only works with something like a time-based one-time password token. so something like a google authenticator app where it’s giving you that code that’s constantly rotating on your phone or on some other device and that code’s only…"
T1111 Multi-Factor Authentication Interception
33%
"login on a computer that is not the computer where the user is sitting. so therefore if someone can log into your account on a physically remote computer with your help, like obviously if they could do it without your help that would be a problem. but even if they can do it with …"

Summary

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

The post How to Test Adversary-in-the-Middle Without Hacking Tools appeared first on Black Hills Information Security, Inc.