BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Abusing Windows Hello Without a Severed Hand\n   Whe
 n: Friday\, Aug 9\, 15:00 - 15:45 PDT\n   Where: LVCC West/Floor 1/Hall 1/
 Track 2 - [1]Map\n\n   Description:\n\n   Windows Hello is touted by Micro
 soft as the modern de facto\n   authentication scheme on Windows platforms
 \, supporting authentication\n   and encryption backed by biometrics. In a
  world that is quickly\n   accelerating towards a passwordless existence\,
  what new threats do we\n   face in this complex landscape? We will take a
  deep dive into the\n   inner working of Windows Hello. Via the release of
  a new tool\, it will\n   be demonstrated how an attacker on a fully compr
 omised Windows host\n   can leverage secrets backed by Windows Hello biome
 trics without\n   needing the biometric data that protects them. We will a
 lso show how\n   the hardware protections of Windows Hello and its accompa
 nying Primary\n   Refresh Tokens can be defeated\, making it possible to u
 se Windows\n   Hello for identity persistency and PRT stealing\, in some c
 ases even\n   without Administrator access on the host.\n\n     * [2]link\
 n\n     * [3]link\n\n     * [4]link\n\n     * [5]link\n\n     * [6]link\n\
 n   Speakers:Ceri Coburn\,Dirk-jan Mollema\n\n   SpeakerBio:  Ceri Coburn\
 , Red Team Operator and Offensive Security Dev\n   at Pen Test Partners\n\
 n   After a 20 year career within the software development space\, Ceri wa
 s\n   looking for a new challenge and moved into pen testing back in 2019.
 \n   During that time he has created and contributed to several open sourc
 e\n   offensive tools such as Rubeus\, BOFNET and SweetPotato and on the o
 dd\n   occasion contributed to projects on the defensive side too. After\n
    speaking at DEF CON 31 for the first-time last year\, he is now back\n 
   for more. He currently works as a red team operator and offensive\n   se
 curity dev at Pen Test Partners.\n\n   SpeakerBio:  Dirk-jan Mollema\, Sec
 urity Researcher at Outsider\n   Security\n\n   Dirk-jan Mollema is a hack
 er and researcher of Active Directory and\n   Microsoft Entra (Azure AD) s
 ecurity. In 2022 he started his own\n   company\, Outsider Security\, wher
 e he performs penetration tests and\n   reviews of enterprise networks and
  cloud environments. He blogs at\n   dirkjanm.io\, where he publishes his 
 research\, and shares updates on\n   the many open source security tools h
 e has written over the years. He\n   presented previously at TROOPERS\, DE
 F CON\, Black Hat and BlueHat and\n   has been awarded as one of Microsoft
 's Most Valuable Researchers\n   multiple times.\n\n   '\n\n   1. #LVCCW_L
 evel1_Hall1\n   2. https://www.insecurity.be/blog/2020/12/24/dpapi-in-dept
 h-with-tooling-standalone-dpapi/\n   3. https://github.com/tijldeneut/dpap
 ilab-ng\n   4. https://dirkjanm.io/phishing-for-microsoft-entra-primary-re
 fresh-tokens/\n   5. https://dirkjanm.io/digging-further-into-the-primary-
 refresh-token/\n   6. https://dirkjanm.io/assets/raw/Windows%20Hello%20fro
 m%20the%20other%20side_nsec_v1.0.pdf\n\n\n
DTEND:20240809T224500Z
DTSTART:20240809T220000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 2
SUMMARY:Abusing Windows Hello Without a Severed Hand
END:VEVENT
END:VCALENDAR