Modern IT environments offer passwordless authentication to improve security and improves user experience. Certificate and key-based authentication does not only makes the user's life easier, it also gives the offensive side an excellent opportunity to obtain versatile credentials and be more stealthy. This technical session will provide detailed demos and discussions about the different attacks using certificate- and key-based authentication in a Windows environment ranging from certificate services misconfigurations and abuse to Windows Hello for Business keys and sessions.
Presented at Security Fest 2023.
Speaker: Hasain AlshakartiHasain, also known as "The Wolf", is an industry-leading cyber security expert with more than 25 years of experience. He has extensive and deep expertise from numerous design projects, security audits, advanced implementation projects, incident response, digital forensic, threat hunting and penetration testing. He helps customers understand and build solutions to protect, detect and respond to cyber threats for enterprises, government agencies, banks, military organizations among others. Due to his expertise, he is a sought-after advisor, speaker and a popular instructor. For his many achievements over the years, Hasain has been awarded recognition as "Sweden’s leading IT security expert" and Microsoft MVP in Enterprise Security and Cloud & Datacenter.