TROOPERS26 – Heidelberg

I will be speaking at TROOPERS26 in Heidelberg, Germany, from June 22–26, 2026, in the new Active Directory & Entra ID Security track. My session, KDS Root Keys: All Secrets Finally Revealed, will dive into online and offline attacks against virtually every use case of KDS Root Keys, including:

  • Decryption of volumes with BitLocker SID Protector enabled.
  • Exporting RSA private keys from group-protected PFX files.
  • Extracting DNSSEC signing keys (ZSK and KSK) from Active Directory.
  • Recovering ASP.NET Core database connection strings.
  • Bulk export of Windows LAPS and DSRM passwords.
  • Generation of gMSA and dMSA passwords offline.

The session also covers a newly discovered universal attack against DPAPI-NG SID protectors, allowing any application-encrypted secret to be unlocked without application-specific decryptors.

See you in Heidelberg!