How Adversary-In-The-Middle (AiTM) Attack Bypasses MFA and EDR?

Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape.

Unlike traditional phishing attacks that merely collect static credentials, AiTM attacks actively intercept and manipulate communications between users and legitimate services in real-time, enabling attackers to bypass multi-factor authentication (MFA) and evade endpoint detection and response (EDR) systems.

These attacks have surged in popularity as organizations increasingly adopt MFA protections, with Microsoft reporting that AiTM phishing campaigns have targeted over 10,000 organizations globally.

The emergence of phishing-as-a-service (PhaaS) platforms like Tycoon 2FA and Evilginx2 has industrialized these attacks, lowering the technical barrier for cybercriminals and making sophisticated AiTM capabilities accessible through subscription models starting at just $120.

Introduction to AiTM Attacks

Adversary-in-the-Middle attacks fundamentally differ from traditional man-in-the-middle (MitM) attacks through their active manipulation and sophisticated orchestration of authentication processes.

While traditional MitM attacks often focus on passive eavesdropping, AiTM attacks involve attackers positioning themselves as active intermediaries between victims and legitimate services, using reverse proxy servers to create seamless, real-time communication channels.

The technical foundation of AiTM attacks relies on reverse proxy architecture, where attackers deploy servers that act as intermediaries between victims and legitimate authentication portals.

This approach allows attackers to present users with authentic-looking login pages that are actually legitimate pages served through the malicious proxy, making detection extremely difficult.

Modern AiTM toolkits leverage sophisticated technologies, including WebSocket connections for real-time bidirectional communication, automated SSL certificate generation through services like Let’s Encrypt, and advanced cloaking mechanisms using tokenized URLs to evade detection.

When a victim attempts to access a service like Microsoft 365 or Gmail, the AiTM proxy intercepts the request, forwards it to the legitimate service, captures the response, and relays it back to the victim while simultaneously harvesting all authentication data in transit.

The most prominent open-source AiTM frameworks include Evilginx2, Muraena, and Modlishka, each offering unique capabilities for credential harvesting and session hijacking.

These tools have evolved to include features such as multi-domain hosting, custom branding integration, and advanced evasion techniques that make them particularly effective against modern security measures.

The Role of MFA in Modern Security

Multi-factor authentication has become the cornerstone of modern cybersecurity strategies, with Microsoft blocking over 7,000 password attacks per second, representing a 75% year-over-year increase.

MFA implementations typically require users to provide something they know (password), something they have (mobile device or hardware token), or something they are (biometric data).

Traditional MFA methods include SMS codes, push notifications, authenticator apps generating time-based one-time passwords (TOTP), and hardware security keys.

MFA Method	Authentication Factor	Adoption Rate	AiTM Vulnerability	Traditional Security Level	Common Bypass Methods
SMS Codes (SMS OTP)	Something you have	High (60%+)	High – Easily intercepted	Low	SIM swapping, SS7 attacks
Push Notifications	Something you have	High (50%+)	High – Tokens stolen post-auth	Medium-High	Push fatigue, device compromise
Authenticator Apps (TOTP)	Something you have	Medium (35%+)	High – Codes relayed in real-time	High	Device compromise, phishing
Hardware Security Keys (FIDO2)	Something you have	Low (15%+)	Medium – Session tokens still stolen	Very High	Session token theft (AiTM only)
Voice Calls	Something you have	Medium (25%+)	High – Codes intercepted	Low	Voice phishing, call forwarding
Email OTP	Something you have	Medium (30%+)	High – Easily intercepted	Low-Medium	Email compromise, phishing
Biometric Authentication	Something you are	Growing (20%+)	Medium – Session tokens stolen	Very High	Session token theft
Certificate-based Authentication	Something you have	Low (10%+)	Medium – Certificates bypassed	Very High	Session token theft, cert theft

The security model of MFA relies on the assumption that compromising multiple authentication factors simultaneously is significantly more difficult than bypassing a single password.

However, this assumption breaks down in the face of AiTM attacks, which don’t need to compromise individual factors but instead exploit the trust relationship established after successful authentication.

When users complete the MFA challenge through an AiTM proxy, they unknowingly provide attackers with both their credentials and the session tokens issued by the legitimate service.

How AiTM Attack Bypasses MFA and EDR

The MFA bypass mechanism in AiTM attacks operates through session token theft rather than authentication factor compromise. When victims interact with an AiTM phishing page, they complete the entire authentication process, including MFA challenges, but all communications pass through the attacker’s proxy server.

The proxy forwards the user’s credentials and MFA responses to the legitimate service, which then issues session cookies and authentication tokens back through the proxy.

The attacker captures these tokens while allowing the authentication to complete successfully, creating a scenario where the victim believes they’ve securely logged in while the attacker has gained persistent access to their account.

Session tokens, particularly Primary Refresh Tokens (PRTs) in Microsoft environments, can provide extended access lasting 30 days or more if kept active.

These tokens contain cryptographic proof of successful authentication and can be replayed by attackers to access accounts without triggering additional MFA challenges.

The sophistication of modern AiTM kits like Tycoon 2FA includes features for session token management, automatic token refresh, and persistence mechanisms that allow attackers to maintain access even after password changes.

EDR evasion in AiTM attacks occurs through several mechanisms that exploit fundamental limitations in endpoint monitoring. Traditional EDR solutions focus on detecting malicious processes, file modifications, and network connections originating from the endpoint itself.

However, AiTM attacks primarily occur server-side, where the malicious proxy operates independently of the victim’s endpoint. The victim’s device only interacts with what appears to be legitimate web traffic to authentic domains, making the malicious activity invisible to endpoint-based detection systems.

Advanced AiTM campaigns employ sophisticated evasion techniques, including code obfuscation using Base64 encoding, dynamic code generation that alters signatures with each execution, and anti-debugging mechanisms designed to frustrate automated analysis.

These techniques specifically target the static and behavioral analysis capabilities of EDR systems. Additionally, attackers abuse legitimate services like CodeSandbox, Glitch, and Notion as redirect mechanisms, leveraging the trust these domains have with security systems to bypass URL filtering and reputation-based blocking.

The use of living-off-the-land techniques further complicates EDR detection, as AiTM attacks often rely on standard web protocols and legitimate authentication flows.

Attackers may also implement EDR communication blocking techniques, using tools like Windows Filtering Platform (WFP) to prevent EDR agents from communicating with their cloud infrastructure, effectively blinding the security solution to ongoing malicious activities.

Indicators of AiTM Attacks

Authentication log analysis reveals several key indicators of AiTM activity, with impossible travel being among the most reliable signals. When attackers use stolen session tokens, they often authenticate from geographic locations that would be impossible for the legitimate user to reach within the observed timeframe.

Microsoft’s delayed logging can complicate this analysis, as some authentication events may take up to 20 hours to appear in audit logs, making real-time detection challenging.

Multiple rapid sign-ins from different locations within short timeframes, particularly when accompanied by successful MFA completion, often indicate session token replay attacks.

Category	Indicator	Description	MITRE_ATT&CK
Authentication Logs	Impossible Travel	User authentication from geographically impossible locations within short timeframes	T1078.004
Authentication Logs	Multiple Rapid Sign-ins	Multiple successful authentications from different locations in rapid succession	T1078.004
Authentication Logs	Session Token Anomalies	Authentication without password entry or MFA prompts in logs	T1078.004
Network Indicators	Unknown IP Addresses	Sign-ins from previously unseen IP addresses or suspicious ASNs	T1557
Network Indicators	Suspicious Domains	Connections to domains mimicking legitimate services or suspicious TLDs	T1557
User Behavior	Mailbox Rule Creation	Creation of inbox rules to hide or redirect emails, especially with random names	T1564.008
User Behavior	Email Forwarding Rules	New forwarding rules redirecting emails to external addresses	T1114.003
Email Indicators	Phishing Email Patterns	Emails from trusted senders with suspicious links or urgent language	T1566.002
Email Indicators	Legitimate Service Abuse	Abuse of legitimate services like CodeSandbox, Glitch, or Notion for redirection	T1566.002
Technical Artifacts	Reverse Proxy Artifacts	WebSocket connections, specific HTTP headers, or proxy-related network signatures	T1557

The evolution of AiTM attacks from simple credential harvesting to sophisticated, service-oriented attack platforms represents a fundamental shift in the threat landscape that requires equally sophisticated defense strategies.

Organizations must recognize that traditional perimeter defenses and even MFA are insufficient against these advanced persistent threats, necessitating comprehensive security architectures that include behavioral analytics, session token protection, and continuous authentication mechanisms to counter this growing menace effectively.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.