Live Cyber Attack Lab #3

Office 365 Man-in-the-Middle Attack

Our incident response team is seeing an uptick in adversaries using a very tricky man-in-the-middle attack to bypass MFA, breach Office 365 tenants, and pivot to on-prem systems.

Join us to see how the attack works and how to defend against it!

Pick a Time That Works for You

Sessions also available in German, French, Spanish, Italian, and Dutch.

video play

Watch a Short Preview


Quick Overview

Watch an attack happen from the “other” side:

Trick a user into entering creds into a fake Office 365 login page (made with evilginx).

Issue an MFA code request to Microsoft on that user’s behalf.

Steal the user’s access token, breach their Office 365 instance, and exfiltrate sensitive data.

  • 1 Where in the kill chain could you spot this attack?
  • 2 How would you detect this in your environment?
  • 3 When and how should you respond?
  • 4 How would you investigate the incident, and how long would it take?
Choose Your Session Time
Learn, step-by-step, how you can use Varonis to get fast and conclusive answers—without wasting hours stitching logs or running reports.
+1 CPE Credit
Earn an (ISC)² credit just for watching.
Authentic Attack
Simulation mirrors real attacks observed by our IR team.
Actionable Training
Learn how to respond without experiencing an attack yourself.
Replay Available
Can't make the live session? We'll email you the video after.

Sessions led by engineers who have definitely seen some things.

Matt Radolec
Security Analyst Manager Security Architecture & Incident Response

Matt Radolec and the Varonis Incident Response Team are called in to respond to HUNDREDS of new and nefarious attacks for clients and trial users every year.

From thwarting ransomware to catching rogue insiders red-handed, these world-class experts are trusted by the biggest brands on the planet to identify, investigate, and stop attacks before they become crisis situations.

Available Lab Times

The team is running multiple live sessions per week, webinar-style, on Zoom. After the attack simulation, you're invited to stick around for Q&A.

Sessions also available in German, French, Spanish, Italian, and Dutch.

Monday 3:00pm ET Wednesday 10:00am ET Friday 9:00am ET

Some of what you’ll see...

  • How attackers can easily build fake login pages for phishing campaigns
  • Two threat models that can help detect the initial intrusion, even before any data is touched
  • How to spot abnormal access or sharing behavior in Office 365 the minute it happens
  • How attackers can use malware to move laterally from cloud apps to corporate endpoints
  • Why keeping an inventory of sensitive data (and an audit trail of access) is essential for preventing exfiltration
  • How Varonis’ one-click context cards make real threats obvious and deep-dive investigations easy

You'll get a lot out of the lab, no matter how experienced your team or robust your security stack.

Pick a Time That Works for You