Breaking

Windows Hello for Business – Faceplant: Planting Biometric Templates

We are back from Black Hat USA, where we presented our research on Windows Hello for Business (Slides) once more. In the last two blog posts, we have discussed the architecture of WHfB and past attacks, as well as how the database works and how to swap identities in the database.

Continue reading “Windows Hello for Business – Faceplant: Planting Biometric Templates”

Continue reading
Events

#TROOPERS25 AD & Entra ID Security Track

The #TROOPERS25 ‘AD & Entra ID Security’ track was a blast – as was the whole conference 😉 –  bringing together some of the smartest researchers in the field and a great audience of practitioners willing to share their experiences during the roundtable. The slides of the talks have been released in the interim on the TROOPERS website, but since many speakers published additional blogposts or released tools, we provide a compilation of resources from the track in the following.

See you folks next year at #TROOPERS26!

Continue reading “#TROOPERS25 AD & Entra ID Security Track”

Continue reading
Breaking

Windows Hello for Business – The Face Swap

In the last blog post, we discussed the full authentication flow using Windows Hello for Business (WHfB) with face recognition to authenticate against an Active Directory with Kerberos and showcased existing and new vulnerabilities. In this blog post, we dive into the architectural challenges WHfB faces and explore how we can exploit them.

Continue reading “Windows Hello for Business – The Face Swap”

Continue reading
Misc

Windows Hello for Business – Past and Present Attacks

Windows Hello for Business is a key component of Microsoft’s passwordless authentication strategy. It enables user authentication not only during system sign-in but also in conjunction with new and advanced features such as Personal Data Encryption, Administrator Protection, and Recall. Rather than depending on traditional passwords, Windows Hello leverages a PIN or biometric methods – such as fingerprint or facial recognition – to unlock cryptographic keys protected by the Trusted Platform Module (TPM).

Continue reading “Windows Hello for Business – Past and Present Attacks”

Continue reading
Misc

A Follow-Up on the Heisec Webinar on Emotet & Some Active Directory Security Sources

Some weeks ago, Heinrich and I had the pleasure to participate in the heisec-Webinar “Emotet bei Heise – Lernen aus unseren Fehlern”. We really enjoyed the webinar and the (alas, due to the format: too short) discussions and we hope we could contribute to understand how to make Active Directory implementations out there a bit safer in the future.

Continue reading “A Follow-Up on the Heisec Webinar on Emotet & Some Active Directory Security Sources”

Continue reading
Building

DirectoryRanger 1.5.0 Is Available

The next major release of DirectoryRanger is now available for customers, and for everyone who would like to try it ;-). Current attacks show that quite often the topic of Active Directory Security is not on the security agenda, but it should be, and this was the reason for us to build the tool and, of course, to maintain and improve it. So what are the major new features released with DirectoryRanger 1.5.0? Here we go:

Continue reading “DirectoryRanger 1.5.0 Is Available”

Continue reading