Getting your team excited about protecting your assets can be a challenge, but it’s possible with the right cybersecurity speaker. Kevin Mitnick, founder of Mitnick Security and considered the best hacker in the world, has revolutionized industry training standards one cybersecurity presentation and hacking demo at a time.
As a renowned cybersecurity speaker, Kevin has wowed audiences for years, across multiple platforms worldwide. Although it’s difficult to pick, one of his best live hacking demonstrations is the Okta phishing attack. This hacking demo educates the audience on the importance of always remaining vigilant — even when an email looks completely normal.
Here, we’ll take an in-depth look at the Okta hacking demo, how Kevin keeps the audience engaged, and why this social engineering attack demo will always be remembered as one of the greats.
Kevin’s proxy hack against the single sign-on provider Okta can be broken down into three phases: sending the phishing email, capturing the login through a proxy sitting between the victim and Okta, and replaying the stolen session.
In the first phase, a phishing email was created and sent to a target found on LinkedIn: someone who had recently started at a company and now had access to employee data or other sensitive information. The email was made to look authentic, with realistic branding and logos.
The victim then received what appeared to be an email from Okta support, stating that some of their applications needed to resync in order to maintain access. The email stressed that this had to be done within the next 7 days, creating the sense of urgency that would push a new, untrained employee to click right away.
A user trained to spot phishing would hover over the link in the email. Hovering is a good general check, but it doesn’t catch everything, and it was not enough for this demo: the string “okta.com” appeared in the link, which would convince most users the email was legitimate, even though a familiar name appearing somewhere in a URL is not the same as the link actually pointing at an Okta host. Kevin, acting as the victim, then clicked the link and landed on what looked like the Okta login screen.
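As an added example (this is not code from the demo or from Okta), here is the difference between the check a hurried reader does on hover, “does okta.com appear in the link?”, and the check that actually matters, “which host will the browser connect to, and is it under an Okta domain?”. The sample links, the support-portal.example domain and the list of trusted tenant domains are all constructed for illustration:

```python
"""Added example (not from the demo, not Okta's code): why seeing
"okta.com" somewhere in a link is not the same as the link going to
Okta. The sample links and the trusted tenant domains are constructed
for illustration."""
from urllib.parse import urlsplit

# Assumption: the organisation's real Okta tenant lives under one of these.
TRUSTED_DOMAINS = ("okta.com", "oktapreview.com")


def host_of(url: str) -> str:
    """Return the host the browser would actually connect to.

    urlsplit().hostname drops any user:pass@ prefix and the port and
    lowercases the name, so "https://okta.com@evil.example/" yields
    "evil.example", not "okta.com".
    """
    return (urlsplit(url).hostname or "").rstrip(".")


def is_trusted_host(host: str) -> bool:
    """True only for a trusted domain itself or a subdomain of it.

    The leading dot matters: "evilokta.com" must not match "okta.com".
    """
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def naive_check(url: str) -> bool:
    """The check a hurried reader does on hover: is 'okta.com' in there?"""
    return "okta.com" in url.lower()


def check_link(url: str) -> dict:
    """Compare the naive substring check with a real host check."""
    host = host_of(url)
    return {
        "url": url,
        "host": host,
        "naive_says_ok": naive_check(url),
        "link_is_trusted": urlsplit(url).scheme == "https" and is_trusted_host(host),
    }


# Constructed sample links. Only the first actually goes to an Okta host.
SAMPLE_LINKS = [
    "https://acme.okta.com/app/resync",                    # genuine tenant URL
    "https://acme.okta.com.support-portal.example/login",  # trusted name as a subdomain label
    "https://okta.com@support-portal.example/login",       # trusted name as userinfo
    "https://support-portal.example/okta.com/resync",      # trusted name in the path
    "http://acme.okta.com/app/resync",                     # right host, but plaintext HTTP
]


def audit(links=SAMPLE_LINKS) -> list:
    """Run check_link over every sample link."""
    return [check_link(u) for u in links]


if __name__ == "__main__":
    for result in audit():
        flag = "OK " if result["link_is_trusted"] else "BAD"
        print(f"{flag} host={result['host']:<40} naive_says_ok={result['naive_says_ok']} {result['url']}")
```

Every one of the five links passes the naive check, and only the first passes the host check. The hover tooltip shows the same URL the code parses, so the habit to teach is reading the host (the part between `://` and the next `/`, after any `@`) rather than scanning for a familiar brand name anywhere in the link. A lookalike domain that is a genuinely different registered name still has to be caught by other means (a password manager that refuses to autofill, phishing-resistant MFA); this check only covers the substring tricks.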
In the demo, the victim then logged in and completed two-factor authentication for their single sign-on (SSO) provider, exactly as on any normal day, and was taken to their account page.
Kevin explained that once logged in, the victim would see all their applications working as expected. They might do some work or even log out of the session, but the damage would already have been done.
Unfortunately, what the victim does not know is that the whole login, MFA step included, had passed through a proxy controlled by the attacker, which captured the credentials and the resulting session. This is just one effective tactic social engineers use to get information from their victims.
In this phase, Kevin runs a script that displays what the proxy captured: the username and password along with the session ID, just as an attacker would. The attacker would then go to the Okta site to log on, but the password isn’t actually needed. Kevin only needs to open the browser’s developer console and paste in the stolen session ID. Once he refreshes the page, he is logged into Okta as the victim with full access; neither the password nor a second MFA prompt stands in the way, because the session was already authenticated by the victim.
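As an added example (not part of Kevin’s demo and not Okta’s own tooling), here is the kind of check a defender would run over sign-in logs to catch the replay step: bind each session to the client that completed MFA and flag any later use of that session from a different IP or user agent. The JSON-lines format, the field names, the addresses and the log lines are all constructed for illustration, not Okta’s real log schema:

```python
"""Added example (not from the demo, not Okta's System Log schema):
flag a session that is used from a different client than the one that
completed MFA. The JSON-lines format, field names, addresses and log
lines are all constructed for illustration."""
import json
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

Client = Tuple[str, str]  # (source IP, user agent)


class Alert(NamedTuple):
    kind: str
    user: str
    session_id: str
    expected: str
    observed: Client
    time: str


def parse_events(text: str) -> List[dict]:
    """Parse one JSON event per line; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one bad line must not abort the whole run
    return sorted(events, key=lambda e: e["time"])  # ISO-8601 UTC sorts lexically


def find_session_replays(events: List[dict],
                         known_ips: Optional[Dict[str, Set[str]]] = None) -> List[Alert]:
    """Two checks against the proxy attack described above.

    1. Bind each session id to the client (IP, user agent) that completed MFA
       and flag any later use of that session id from a different client.
       In the demo the attacker pastes the stolen session id into their own
       browser, so the IP and/or user agent change while the session id does not.
    2. If a per-user baseline of known IPs is supplied, flag the MFA event
       itself when it arrives from an unknown address. In a proxy phish the
       MFA is relayed by the attacker's proxy, so that address is new even
       though the real user pressed the button.
    """
    known_ips = known_ips or {}
    bound: Dict[str, Tuple[Client, str]] = {}  # session_id -> (client, user)
    alerts: List[Alert] = []
    for e in events:
        sid, user = e["session_id"], e["user"]
        client: Client = (e["src_ip"], e["user_agent"])
        if e["event"] == "mfa.success":
            bound[sid] = (client, user)
            if user in known_ips and client[0] not in known_ips[user]:
                alerts.append(Alert("mfa_from_unknown_ip", user, sid,
                                    "known IPs: " + ", ".join(sorted(known_ips[user])),
                                    client, e["time"]))
        elif sid in bound and bound[sid][0] != client:
            ip, ua = bound[sid][0]
            alerts.append(Alert("session_reused_from_new_client", bound[sid][1], sid,
                                f"bound to {ip} / {ua}", client, e["time"]))
    return alerts


# Constructed log: the new hire's MFA arrives through the attacker's proxy
# (203.0.113.7), then the attacker replays session s1 from their own machine.
SAMPLE_LOG = """
{"time":"2023-03-01T09:00:12Z","event":"mfa.success","user":"new.hire","session_id":"s1","src_ip":"203.0.113.7","user_agent":"Mozilla/5.0 (Windows NT 10.0)"}
{"time":"2023-03-01T09:00:40Z","event":"app.access","user":"new.hire","session_id":"s1","src_ip":"203.0.113.7","user_agent":"Mozilla/5.0 (Windows NT 10.0)"}
{not valid json}
{"time":"2023-03-01T09:14:03Z","event":"app.access","user":"new.hire","session_id":"s1","src_ip":"198.51.100.23","user_agent":"Mozilla/5.0 (X11; Linux x86_64)"}
{"time":"2023-03-01T09:30:00Z","event":"mfa.success","user":"other.user","session_id":"s2","src_ip":"192.0.2.10","user_agent":"Mozilla/5.0 (Macintosh)"}
{"time":"2023-03-01T09:31:00Z","event":"app.access","user":"other.user","session_id":"s2","src_ip":"192.0.2.10","user_agent":"Mozilla/5.0 (Macintosh)"}
"""

# Constructed baseline: where each user normally signs in from.
KNOWN_IPS = {"new.hire": {"192.0.2.50"}, "other.user": {"192.0.2.10"}}

if __name__ == "__main__":
    for a in find_session_replays(parse_events(SAMPLE_LOG), KNOWN_IPS):
        print(f"{a.time} {a.kind}: user={a.user} session={a.session_id} "
              f"observed={a.observed[0]} ({a.observed[1]}); {a.expected}")
```

The session-reuse check catches the replay step of the demo directly. The known-IP baseline is what catches the MFA step, because with a proxy in the middle the identity provider sees the attacker’s proxy, not the victim’s workstation. An attacker who replays from the proxy host itself shares that IP, which is why the user agent is part of the fingerprint as well. Either alert is a reason to revoke the session rather than just notify.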
When an attacker gets this far, they have bypassed your perimeter and your MFA: they can steal your data, deploy ransomware, pivot deeper into your internal networks, and more.
The Okta live hack is a critical training tool because Kevin keeps his audience hooked by walking them through the attack step by step. With his screens fully visible, the audience sees what he sees, giving new meaning to “in the eyes of a hacker.”
Kevin Mitnick’s live hacking demos draw attention to common social engineering tactics, like phishing, so audience members can raise their cybersecurity awareness. In the Okta hack, he ends the demonstration by pointing out that even authentic-looking emails can still be dangerous. He says, “Even if you’re cautious, and hover over the link, you still need to stop, look, and think, because it might be deceptive.”
The Okta live hack demo stood out because it was engaging, interesting, and specific to the audience. Since many employees already have some cybersecurity training, this hack proved that you should always remain vigilant and ask yourself questions before taking any action.
Since Kevin Mitnick is the world’s authority on social engineering and other forms of cyberattack, he is able to offer a wide range of relevant talks and live hacking demos tailored to the needs of your organization.
Choosing the right speaker for your cybersecurity training and events is critical to effectively educating your employees about the importance of cybersecurity. With this training, your organization makes it harder for threat actors to breach your internal systems, and harder for suspicious activity to go unnoticed.
If you’re ready to turn your team into ultimate defenders of your organization, hire Kevin Mitnick to speak.