As attackers increasingly employ phishing techniques capable of bypassing MFA in Microsoft 365 environments, this presentation will explain how these attacks operate and provide strategies for prevention. Additionally, the presentation will explore other modern attack methods targeting Microsoft 365 platforms and outline measures to defend against them. Key Takeaways: • Phishing Attack Mechanisms: Discover how modern phishing attacks are engineered to bypass multi-factor authentication in Microsoft 365 environments. • Defense Strategies: Explore actionable steps and best practices to fortify your Microsoft 365 setup against these sophisticated phishing attempts. • Emerging Threats: Identify and understand new attack vectors and techniques used by cybercriminals targeting Microsoft 365 platforms and learn how to stay ahead of these threats. Presentation outline:. -Authentication and multi-factor authentication basics -AiTM phishing (direct vs indirect) -Other methods of token theft -Mitigations to AiTM phishing -Other techniques attackers are using -Case study of several attacks Speaker Biography: Chaim Black is a Senior Cyber-Security analyst at Intrust IT and the President of InfraGard Cincinnati Members Alliance. Chaim has specialized in Microsoft 365 security and investigating Business Email Compromises in the Microsoft 365 platform. His certifications related to this presentation include an MCSA in Office 365, MCSE in Exchange 2016 (Productivity), and Office 365 Certified Security Administrator Associate and Enterprise Administrator Expert.
