Windows Hello Abuse: Exploiting Authentication and Security Features
Ekoparty Security Conference via YouTube
Master Production-Ready Machine Learning, Step by Step
Live Online Classes in Design, Coding & AI — Small Classes, Free Retakes
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a comprehensive security conference talk that delves into vulnerabilities and potential exploits within Windows Hello and Windows Hello for Business (WHFB) authentication systems. Learn about advanced attack vectors including WHFB key provisioning during phishing scenarios, device code phishing, and credential phishing techniques. Discover how Windows Hello keys are protected and utilized on Windows devices, with detailed insights into leveraging these keys for lateral movement and maintaining persistence after gaining access to user sessions. Building upon previous findings that revealed gaps in Microsoft's promoted security features, examine how these passwordless authentication methods can be compromised without MFA and exploited for movement between Entra ID and on-premises Active Directory through cloud Kerberos trust.
Syllabus
Windows Hello abuse, the sequel - Dirk-jan Mollema - Ekoparty 2024
Taught by
Ekoparty Security Conference