Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link:  https://www.threatlocker.com/davidbombal

Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from
ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why
traditional SMS MFA is no longer bulletproof.

We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password.

Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively
increases your attack surface, leaving your organization just one brute-force attack away from
ransomware. Finally, we explore the mechanics of ThreatLocker’s Zero Trust Network Access
and Cloud Access, detailing how denying by default and routing through secure proxies can lock
down Microsoft 365 and make your internal network effectively invisible to hackers.

// Rob Allen’s SOCIAL //
LinkedIn:  https://www.linkedin.com/in/threatlockerrob/
X:  https://x.com/threatlockerrob

// David's SOCIAL // 
Discord: https://discord.com/invite/usKSyzb 
X: https://www.twitter.com/davidbombal 
Instagram: https://www.instagram.com/davidbombal 
LinkedIn: https://www.linkedin.com/in/davidbombal 
Facebook: https://www.facebook.com/davidbombal.co 
TikTok: http://tiktok.com/@davidbombal 
YouTube: https://www.youtube.com/@davidbombal
Spotify:  https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud:  https://soundcloud.com/davidbombal
Apple Podcast:  https://podcasts.apple.com/us/podcast/david-bombal/id1466865532

// MY STUFF //
 https://www.amazon.com/shop/davidbombal 

// SPONSORS // 
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com


// MENU //
0:00 - Coming up
0:57 - What is 2FA/MFA and why is it important?
02:54 - Reusing passwords
04:38 - Malicious Chrome extensions
05:39 - Average person vs cybersecurity
12:18 - SMS 2FA
13:37 - Authenticator apps
16:26 - Yubikeys
17:58 - No one is "unhackable"
21:52 - "Cookie stealing" explained
22:53 - ThrearLocker's new tool/solution
28:22 - How ThreatLocker protects Office365
29:06 - ThreatLocker protecting organizations
33:11 - Should I trust ThreatLocker?
35:54 - How safe is ThreatLocker?
38:00 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! 

Disclaimer: This video is for educational purposes only.

#cybersecurity #hacker #hack

David Bombal

A cybersecurity expert explains the limitations of 2FA/MFA, covering attack vectors like SIM swapping, MFA bombing, and session token/cookie theft. The discussion highlights how tools like Evilginx (a reverse proxy) can intercept authentication tokens even when MFA is properly used. Best practices for password hygiene, authenticator apps vs SMS, hardware keys, and threat modeling are covered. The conversation also introduces ThreatLocker's zero trust cloud access product, which routes traffic through trusted infrastructure to block stolen-cookie attacks by enforcing IP-based conditional access policies.

Did you know that Evilginx allows Hackers to Defeat 2FA