Episode
Understand credential security: important things you need to know about storing Your Identity
with Paula Januszkiewicz
Do cached credentials bring any danger? Can we just extract them and crack the password or use the value to do the pass the hash attack? One thing is for sure: Paula and her team made a DPAPI world discovery where they have reverse-engineered this mechanism to tell you right now how it works and if it is safe. What about other places where credentials are stored? Paula will demonstrate the technology weaknesses in credential security and specific misused actions within the operating system. Learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions. This session will be demo heavy.
Do cached credentials bring any danger? Can we just extract them and crack the password or use the value to do the pass the hash attack? One thing is for sure: Paula and her team made a DPAPI world discovery where they have reverse-engineered this mechanism to tell you right now how it works and if it is safe. What about other places where credentials are stored? Paula will demonstrate the technology weaknesses in credential security and specific misused actions within the operating system. Learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions. This session will be demo heavy.
Have feedback? Submit an issue here.