The Fastest Way to Become a Backend Developer Online
Earn Your Business Degree, Tuition-Free, 100% Online!
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Discover a critical security vulnerability in Windows Hello for Business (WHfB) through this Black Hat conference presentation that exposes how attackers can bypass its phishing-resistant authentication mechanism. Learn about the technical process of intercepting and modifying POST requests to Microsoft's authentication services, including the manipulation of parameters like User-Agent and isFidoSupported to force authentication downgrades. Explore the modified EvilGinx framework that automates and scales this attack vector, while understanding crucial mitigation strategies focused on conditional access policies and authentication strength enforcement. Gain valuable insights into WHfB's security architecture and the importance of implementing enhanced security measures to protect against such authentication downgrades.
Syllabus
Hook, Line and Sinker: Phishing Windows Hello for Business
Taught by
Black Hat