Secrets of the Second Factor

Presented at Diana Initiative 2020 Virtual, Aug. 21, 2020, 3 p.m. (60 minutes)

Bored by talks convincing you to setup 2FA, as if you haven’t already had it on your MMORPG account for a decade? There's more to MFA than protecting an account from a bad, reused, or dumped password. Let's go discover all the dirty little secrets in $company using the MFA logs! Break the barrier of complacency that comes with a multi factor system! Explore all the obvious security violations of risky login habits. I’ll step through why you should be logging every authentication attempt and read the logs to discover all the hidden secrets that could have been unnoticed for years. Things slip by other data sources and behavior analysis tools but become clear when you know how to spot the secrets in the second factor.

Presenters:

  • BACE16 - Speaker   as Bace 16
    BACE16 was bored as a firewall engineer so she started a Def Con Group in RTP, NC, DC919, to re-discover the joys of hacking with a community. Building on this, she also volunteers for BSides RDU and is a founding member of Cackalacky Con. She eventually found her calling as an incident response security analyst, finding bizarre things in logs and investigating user access behavior. While there’s so much work that can’t be spoken about, she hopes people will learn and push detection methods further together.

Links:

Similar Presentations: