DESCRIPTION

Modern IT environments offer passwordless authentication to improve security and improves user experience. Certificate and key-based authentication does not only makes the user's life easier, it also gives the offensive side an excellent opportunity to obtain versatile credentials and be more stealthy.

This technical session will provide detailed demos and discussions about the different attacks using certificate- and key-based authentication in a Windows environment ranging from certificate services misconfigurations and abuse to Windows Hello for Business keys and sessions.

WHY THE COMMITTEE CHOSE THIS TALK

Often the passwordless sign in as propagated by Microsoft is viewed as a golden bullet to all credential attacks by IT managers. And while this may be true for the majority of the current treat actors, with the growing adoption rate, the attackers adopt. This talk will prepare us for tomorrows threats and give us insights how to defend our companies.

SPEAKER

Hasain Alshakarti