Do cached credentials bring any danger? Can we just extract them and crack the password or use the value to do the pass the hash attack? One thing is for sure: Paula and her team made a DPAPI world discovery where they have reverse-engineered this mechanism to tell you right now how it works and if it is safe. What about other places where credentials are stored? Paula will demonstrate the technology weaknesses in credential security and specific misused actions within the operating system. You will learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions. This session will be demo heavy!
English, Identity, Information Protection, IT Influencers and Implementers, Level: 300, Line of Business apps, Security, Security & Trust, Session 2019, Threat Management, Threat Protection