• When the Red Team Goes Passwordless

    Med: Hasain Alshakarti och Carlo Alberto Scola, Principal Cyber Security Advisor respektive Penetration Tester and Cyber Security Consultant på Truesec

    Modern IT environments offer passwordless authentication to improve security and improves user experience. Certificate and key-based authentication does not only makes the user’s life easier, it also gives the offensive side an excellent opportunity to obtain versatile credentials and be more stealthy.

    This technical session will provide detailed demos and discussions about the different attacks using certificate- and key-based authentication in a Windows environment ranging from certificate services misconfigurations and abuse to Windows Hello for Business keys and sessions.

    Taggning: Cyber Security and Cloud, Datacenter

    Om: Hasain Alshakarti och Carlo Alberto Scola

    Hasain, also known as “the Wolf”, is an industry-leading cyber security expert with more than 20 years of experience.

    He has extensive and deep expertise from numerous design projects, security audits, advanced implementation projects, incident response, threat hunting and penetration testing. He helps customers unerstand and build solutions to protect, detect and respond to cyber threats for enterprises, government agencies, banks, military organizations among others.

    Hasain is a sought-after advisor, speaker and a popular instructor. For his many achievements over the years, Hasain has been awarded recognition as “Sweden’s leading IT security expert” and Microsoft MVP in Enterprise Security and Cloud & Datacenter.

     

    Carlo Alberto is a cyber security expert at Truesec with strong focus on web application security and infrastructure penetration testing. He also takes part in red team exercises where he likes to improve EDR evasion and lateral movements techniques. Carlo helps customers defend and secure their environment by doing extensive and thorough security assessments. Needless to say, he really enjoys challenges, knowledge sharing and social events with the security community.