DSInternalsVideos
-
Getting Rid of Passwords with FIDO2 and W3C WebAuthn
-
Active Directory Database Security
-
A Look Inside a Pass-the-PRT Attack
Like an NT hash (AKA NTLM hash AKA MD4 hash) and a Kerberos ticket, a Primary Refresh Token (PRT) can be passed in an attack. Mimikatz author Benjamin Delpy and Dirk-jan Mollema have both released detailed research and code showing how attackers could Pass-the-PRT to perform the lateral movement to the cloud.
I have recorded a short demo of the Pass-the-PRT Attack:
-
Exploiting Windows Hello for Business
Here is the recording of my Black Hat Europe 2019 Briefings session about Exploiting Windows Hello for Business:
-
Offline Attacks on Active Directory