2 links tagged with all of: incident-response + threat-hunting
Links
This article examines how adversary-in-the-middle (AiTM) attacks bypass traditional Multi-Factor Authentication (MFA) by exploiting authenticated session tokens instead of stealing credentials. It reviews two case studies to highlight the importance of session awareness and modern authentication methods in preventing breaches.
The project deploys a Velociraptor container on Azure App Service to facilitate incident response investigations, providing advanced endpoint visibility and scalable threat hunting capabilities across various operating systems. It includes features like a flexible query language and artifact management for efficient forensic analysis. Users are advised to configure authentication and can choose between scaling options for larger environments.