Getting Rid of Passwords with FIDO2 and W3C WebAuthn
Active Directory Database Security
A Look Inside a Pass-the-PRT Attack
Like an NT hash (AKA NTLM hash AKA MD4 hash) and a Kerberos ticket, a Primary Refresh Token (PRT) can be passed in an attack. Mimikatz author Benjamin Delpy and Dirk-jan Mollema have both released detailed research and code showing how attackers could Pass-the-PRT to perform lateral movement to the cloud.
I have recorded a short demo of the Pass-the-PRT Attack:
Exploiting Windows Hello for Business
Here is the recording of my Black Hat Europe 2019 Briefings session about Exploiting Windows Hello for Business:
Offline Attacks on Active Directory