2024-10-12, Ballroom D
In an era where phishing attacks are becoming increasingly sophisticated, tools like Evilginx pose significant threats to organizations and individuals alike. This presentation delves into the inner workings of Evilginx, a popular man-in-the-middle proxy service used by attackers to bypass multi-factor authentication and harvest credentials. Through a hands-on exploration, I will demonstrate how Evilginx operates, discuss its implications for cybersecurity, and offer actionable mitigation strategies that defenders can implement to protect their networks. Attendees will gain a deeper understanding of how attackers exploit this tool and leave with practical knowledge to enhance their defensive measures.
As phishing techniques evolve, cybersecurity professionals must stay ahead of the curve to defend against increasingly complex threats. Evilginx is a tool that exemplifies this evolution, enabling attackers to perform man-in-the-middle attacks that can capture login credentials and bypass even the most robust security measures, including multi-factor authentication.
In this session, we will:
- Explore Evilginx in Detail: I will guide you through the setup and configuration of Evilginx in a lab environment, highlighting its capabilities and the potential risks it poses.
- Simulate Phishing Attacks: We’ll walk through real-world examples of how Evilginx can be used to deceive users and capture sensitive information.
- Discuss Mitigation Strategies: Learn about various defense mechanisms that can be employed to detect and thwart attacks facilitated by Evilginx, including network monitoring, user education, and advanced security configurations.
Red, Blue, Purple, Technical
Kierston Grantham is a seasoned cybersecurity professional at McLeod Software with a passion for ethical hacking and defending against emerging threats. As the leader of DEFCON 205 and a board member of the Central Alabama Information Systems Security Association (CA-ISSA), Kierston is deeply involved in the cybersecurity community, constantly exploring new techniques and strategies to protect organizations from advanced attacks. With a strong background in ethical hacking and a commitment to sharing knowledge, Kierston is dedicated to empowering others in the fight against cyber threats.