Your MFA Means Nothing!
TL;DR:
This video explains why MFA can be security theater, how attackers bypass it by stealing session tokens through illicit app consent, and why default Microsoft 365 settings leave companies exposed. It outlines how to actually fix it: lock down app consent, use FIDO2, and enforce conditional access.
Is MFA a lie? You think that little six-digit code keeps you safe from cyber attacks and identity theft. I'm here to expose the myths, blind spots, and false confidence that leave organizations vulnerable.
In this first Root Access briefing, I demonstrate exactly how a targeted, human attacker bypasses your Multi-Factor Authentication (MFA)—without stealing your password or attempting to crack your code. I show you the mechanics of the Illicit Consent Attack and expose the three default settings in your environment that leave the front door wide open for me.