Windows Hello Abuse: Exploiting Authentication and Security Features
Ekoparty Security Conference via YouTube
Overview
Explore a security conference talk on vulnerabilities and potential exploits in Windows Hello and Windows Hello for Business (WHFB) authentication. Learn about attack vectors including WHFB key provisioning during phishing scenarios, device code phishing, and credential phishing techniques. Discover how Windows Hello keys are protected and used on Windows devices, and how these keys can be leveraged for lateral movement and for maintaining persistence after gaining access to user sessions. Building on previous findings that revealed gaps in Microsoft's promoted security features, examine how these passwordless authentication methods can be compromised without MFA and exploited for movement between Entra ID and on-premises Active Directory through cloud Kerberos trust.
Syllabus
Windows Hello abuse, the sequel - Dirk-jan Mollema - Ekoparty 2024
Taught by
Ekoparty Security Conference