MFA
Testing Multifactor authentication mechanism
MFA Fatigue
MFA fatigue attack can be considered as a social engineering attack where the attacker send repeated MFA push notifications to the victim until the latter is overloaded. This attack relies on the the fact that the user will get easily overwhelmed with repeated notifications sent to his phone or computer (the fatigue effect) and will finish to accept the notification.
Conditional Access Policy
MFASweep
Will check if MFA is enabled on all Microsoft services and check for Conditional Access Policy configuration.
Spray365
Test MFA Conditional Access Policy. Use Audit Mode.
Last updated