by ben1040
4783 days ago
It would have stopped someone from using a phished GApps credential from logging in to Google using it, though. It sounds like one prong of the attack was to gain access to one employee's email, then use that account to send phishing emails to other employees. 2FA would have stopped that.

1- get target to enter google credentials
2- log into target's account using those credentials with a proxy/controlled IP that shows up nearby in geoip DBs
3- display a credible message, asking for 2factor code (something something DHCP something something more buzzwords - dummy mode on)
Any reason this wouldn't work?