Explore advanced phishing techniques in this conference talk that demonstrates how adversaries have evolved beyond basic credential harvesting to sophisticated Adversary-in-the-Middle (AiTM) campaigns capable of intercepting session cookies and OAuth tokens while bypassing multi-factor authentication defenses. Analyze modern phishing methods including OAuth consent hijacking, browser-based MITM proxies, and token-binding attacks through two revolutionary serverless approaches that create the ultimate stealthy platforms for phishing operations. Discover how Cloudflare Workers leverage global CDN infrastructure, free TLS certificates, and scriptable edge logic to establish invisible proxies, while learning about a groundbreaking single-file approach using Express (Node.js) packaged into portable JavaScript files for one-click deployment across legitimate PaaS platforms including Azure, AWS, DigitalOcean, Heroku, Vercel, and Railway. Examine how these dual techniques create distributed, resilient phishing infrastructure that appears entirely legitimate to security tools and investigators by operating seamlessly across both specialized edge platforms and mainstream cloud services with zero indicators of compromise. Delve into Microsoft Entra ID defenses including token binding, risk-based sign-in, consent screens, and FIDO2/passkeys, followed by detailed bypass methods using both Cloudflare Workers and multi-PaaS deployment strategies. Understand the complete WebAuthn/passkey authentication flow and discover advanced MITM strategies capable of subverting FIDO protections, while learning methods for minimizing browser telemetry and implementing defensive best practices against these emerging threats.