Abusing Windows Hello Authentication Without Biometric Data

Explore Windows Hello's security vulnerabilities through this DEF CON 32 conference talk that examines Microsoft's modern authentication scheme. Dive deep into the mechanics of Windows Hello to understand how attackers can potentially bypass biometric authentication on compromised Windows systems without requiring actual biometric data. Learn about a newly released tool that demonstrates these vulnerabilities, including methods to defeat hardware protections and steal Primary Refresh Tokens. Discover how these exploits can enable identity persistence, sometimes achievable without administrator privileges, raising important considerations for the growing passwordless authentication landscape.