The goal here was to circumvent 2FA on devices located inside the Org A office.
On-prem systems prompt for 2FA. So the attacker knew a user/password combo, but couldn't leverage it directly because they would have triggered 2FA.
But the 802.1x didn't have 2FA enabled. So using the user/password combo they already had, they just needed to approach the target network over WiFi in order to bypass the 2FA requirement.
On-prem systems prompt for 2FA. So the attacker knew a user/password combo, but couldn't leverage it directly because they would have triggered 2FA.
But the 802.1x didn't have 2FA enabled. So using the user/password combo they already had, they just needed to approach the target network over WiFi in order to bypass the 2FA requirement.