Challenge: MFA ... All Day Every Day
Course Content
MFA from an DFIR view!
> In this [NCAM](https://www.cisa.gov/cybersecurity-awareness-month) challenge, you will analyze a web server log reviewing an MFA attempt. This challenge aims to look beyond the basics of MFA being a recommendation and critically examine why proper implementation is also essential. We all know that MFA is an excellent security control, but let’s see why it is vital to implement it correctly!1.) How is the application verifying the user? 2.) What is the value the user is submitting? 3.) How could a user capture this information? 4.) What is the bypass being used?
Who is this for:
> Early career practitioners. Individuals new to cybersecurity may be challenged but the difficulty rating on this challenge is relatively low. We encourage the use of any internet resources, community/colleague assistance in completion of the challenge.Are write ups permitted?
> Yes, write ups are permitted; however, please do not post answers directly. All write ups should include an appropriate link back to Cybrary and the Cybrary Course.What resources are available to help solve this challenge?:
> Online search, community, colleagues or fellow practitioners.Instructed by
Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.
