Explore the evolving landscape of authentication proxy attacks in this 46-minute conference talk from BSidesLV. Delve into the history of evilnginx and its impact on stealing authentication session tokens from MFA-enabled logon processes. Examine the recent rise of EvilProxy and similar platforms, which have enabled cybercriminals to compromise targets with strong authentication without resorting to traditional methods. Learn about the tactics, tools, and procedures used in MFA-enabled account takeovers, and discover the inherent weakness in these attacks that allows for effective hunting, detection, mitigation, and blocking. Gain valuable insights into protecting organizations against these sophisticated threats, especially in sectors where phish-resistant MFA adoption is still emerging.