Demonstration of staging a phishing email and credential harvesting site, to not only steal a target password, but retrieve a two-factor authentication (2FA) code just as well! Our hacker synchronizes the login time with the (fake) login for the victim, and we have a full account takeover!
https://youtube.com/watch?v=FwGeBW6OurM

Kudos to @PlexTrac for sponsoring this video -- you can use PlexTrac to make report writing a breeze! Try their collaborative platform: https://j-h.io/plextrac