The Attacker's Guide to SSO and Passwordless Technologies
Today, Passwordless and SSO solutions have become extremely popular ' mostly due to the way they are able to balance convenience and security. But what do these trends mean for attackers? As security professionals, it's important for us to know how these technologies have changed the attack surface and how new attack methods can impact the security evolution of organizations. While Passworldless and SSO are both good security practices, they aren't bulletproof. Motivated attackers, leveraging new vectors, can still find their way into an organization's network. In this session, we'll review two of the most popular solutions ' Windows Hello and Browser SSO in Hybrid Azure environments and see a few possible attack methods that could compromise these technologies. The good news is that there are steps organizations can take to mitigate these threats. This session will also include demos and actionable takeaways for mitigating these threats.