fbpx Office 365: Man-in-the-middle attack demonstration | SASIG
Forgotten your password?

Friday 13 November 2020, 11am-12noon (GMT)

With the shift in the remote workforce, attacks are on the increase. We will demonstrate how hackers can attack cloud applications like Office 365. You will see how an attacker gains access to SharePoint online using a phishing attack and proceeds to access sensitive organisational files, move laterally from Cloud to on-prem and even escalate privileges to gain access to a CEO’s mailbox. Piece of cake!

During the session, you will get to see how Dave:

  • Tricks a user into entering creds into our fake O365 login page (made with Evilginx)
  • Makes Microsoft send a passcode to the user’s phone
  • Enters the user’s passcode on OUR fake page
  • Hijack’s the user’s session token
  • Gains access to SharePoint Online environment
  • Exfiltrates data from O365
  • Pivots to on-prem and steal CEO’s emails… because why not?!

Join us as we show you how this attack is executed and how you can detect and respond.


Facilitated by

Martin Smith MBE (info), Chairman & Founder, The SASIG


Presented by

Dave Philpotts (info), Security Engineer, Varonis

Log in to watch the webinar on demand

Log in here
This website uses cookies, by continuing to use the site you agree to using cookies. Continue