Contents
1. Multi Factor Authentification
one time passwordとか。
多要素認証(MFA)の意味とその仕組み https://www.onelogin.com/jp-ja/learn/what-is-mfa
Top 5 Techniques Attackers Use to Bypass MFA
HiteshSheth.PNG Hitesh ShethCEO, Vectra
August 06, 2021 https://www.darkreading.com/endpoint/top-5-techniques-attackers-use-to-bypass-mfa
the belief that you're 100% protected because of MFA is just false.
安全が保証されるわけではない理由
1. Disabling/Weakening Multifactor Authentication 2. Directly Bypassing MFA 3. Exploiting Authorized MFA Exceptions Alternatively, attackers take advantage of legacy apps which don't support MFA, such as a POP/SMTP mail server. 4. Stolen SAML Signing Certificate 5. Session Reuse Most MFA tools have a default 30-day period until it requires the user, application, or system to reauthenticate, giving the attacker enough time to establish persistent access.
Beyond the Bypass
... organizations must change their mindset from stopping breaches to limiting the damage that breaches can cause after they occur. }}}
2. Bypass
Multifactor Authentication Bypass https://apereo.github.io/cas/6.2.x/mfa/Configuring-Multifactor-Authentication-Bypass.html
Enterprise Single Sign-On for All
MFA Bypass: What It Means and Why It Happens https://rublon.com/blog/mfa-bypass-meaning/
Bypass MFA https://techdocs.akamai.com/eaa/docs/bypass-mfa
How hackers bypass MFA and ways to stop them https://www.securityinfowatch.com/cybersecurity/information-security/breach-detection/article/21229613/how-hackers-bypass-mfa-and-ways-to-stop-them