Multifactor authentication is often the first (and too often, the last) line of defense against motivated attackers trying to get access to sensitive data. While is it correctly hailed as a cornerstone of in-depth network defense, adoption rates are outpacing education about the real-world attack scenarios levied against MFA schemes everyday. Here, we present an attempt at a modern threat model of MFA schemes today, with a breakdown of both classic and novel tools and techniques and what security teams responsible with enforcing MFA can do about it.
Austin Baker started his career in InfoSec learning the ways of Digital Forensics and Incident Response. Then, he learned it was way more fun learning to do break things than how to put them back together. Since then, he's been a practicing Red Team member at Mandiant, helping secure organizations by pretending to be one of the bad guys.
Doug Bienstock splits his time at Mandiant performing Incident Response and Red Team work. He uses lessons learned from IRs to better simulate attacker techniques and aid organizations stay ahead of the bad guys.