MFA-ing the Un-MFA-ble - Protecting Auth Systems' Core Secrets

Black Hat via YouTube

black hat USA 2021

Classroom Contents

  1. Intro
  2. black hat USA 2021
  3. SunBurst: Breach of the year
  4. SunBurst APT
  5. Persistence: APT VS. APT
  6. Persistence in practice
  7. What is SAML
  8. Service Provider (SP)
  9. Identity Provider (IP)
  10. SAML token example
  11. Back to Service Provider
  12. SAML is all about decoupling
  13. Golden SAML: In high level
  14. Problem definition
  15. MFA as a good solution reference
  16. Hardware based solution
  17. HSM for SAML: Scorecard
  18. What if we can have multiple signers?
  19. Threshold Signature Scheme (TSS)
  20. Tribute to Dan Kaminsky
  21. EC-DLP as a billiards game
  22. Distributed EC-DLP: Doubles' billiards game
  23. Threshold Signatures (TSS): 1 becomes 2
  24. TSS SAML flow: In high level
  25. TSS for SAML: Scorecard
  26. Demo Architecture - Setup Phase
  27. Demo Architecture - Signing Phase
