Explore the evolving landscape of multi-factor authentication (MFA) schemes and learn techniques for both evading and protecting against advanced attacks in this 47-minute conference talk from Derbycon 2018. Delve into pre-authentication setups, real-time phishing methods, and post-authentication strategies for surveying and exploiting vulnerabilities. Examine post-exploitation techniques targeting MFA management and integration, and discover defense-in-depth approaches for pre-authentication and post-exploitation scenarios. Gain valuable insights into the complexities of modern MFA systems and how to strengthen security measures against sophisticated evasion tactics.