PT0-003 · Question #25
PT0-003 Question #25: Real Exam Question with Answer & Explanation
The correct answer is A: Configure an external domain using a typosquatting technique. Configure Evilginx to bypass two-
Question
A tester is performing an external phishing assessment on the top executives at a company. Two-factor authentication is enabled on the executives' accounts that are in the scope of work. Which of the following should the tester do to get access to these accounts?
Options
- A. Configure an external domain using a typosquatting technique. Configure Evilginx to bypass two-
- B. Configure Gophish to use an external domain. Clone the email portal web page from the
- C. Configure an external domain using a typosquatting technique. Configure SET to bypass two-
- D. Configure Gophish to use an external domain. Clone the email portal web page from the
Explanation
To bypass two-factor authentication (2FA) and gain access to the executives' accounts, the tester should use Evilginx with a typosquatting domain. Evilginx is a man-in-the-middle attack framework used to bypass 2FA by capturing session tokens.