Free

Challenge: MFA ... All Day Every Day

National Cybersecurity Awareness Month has several themes, one of which is Multi-Factor Authentication (MFA). This MFA challenge will have you analyze a log and identify the potential MFA attack. The goal is to review suspicious requests and identify how MFA can be attacked in real-world use cases.
1
0
M
Time
beginner
difficulty
1
ceu/cpe

Course Content

Course Description

MFA from an DFIR view!

> In this [NCAM](https://www.cisa.gov/cybersecurity-awareness-month) challenge, you will analyze a web server log reviewing an MFA attempt. This challenge aims to look beyond the basics of MFA being a recommendation and critically examine why proper implementation is also essential. We all know that MFA is an excellent security control, but let’s see why it is vital to implement it correctly!

1.) How is the application verifying the user? 2.) What is the value the user is submitting? 3.) How could a user capture this information? 4.) What is the bypass being used?

![CySeeker Peculiar](//images.ctfassets.net/kvf8rpi09wgk/qbEzmd4efRzpA1lBEW8vZ/9fb4bc97f855861107cfa48daf666920/CySeeker_Peculiar.png)

Who is this for:

> Early career practitioners. Individuals new to cybersecurity may be challenged but the difficulty rating on this challenge is relatively low. We encourage the use of any internet resources, community/colleague assistance in completion of the challenge.

Are write ups permitted?

> Yes, write ups are permitted; however, please do not post answers directly. All write ups should include an appropriate link back to Cybrary and the Cybrary Course.

What resources are available to help solve this challenge?:

> Online search, community, colleagues or fellow practitioners.

This course is part of a Career Path:
No items found.

Instructed by

Master Instructor
Matthew Mullins

Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

Provider
Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a Challenge: MFA ... All Day Every Day Certificate of Completion