Hook, Line and Sinker: Phishing Windows Hello for Business
Unknown
Black Hat USA 2024 · Day 1 · Briefing
In his Black Hat USA talk, "Hook, Line and Sinker: Phishing Windows Hello for Business," Yuda Smirnov, a red team and security researcher at Accenture Security Israel, delved into the surprising vulnerability he uncovered in what is widely considered a phishing-resistant authentication method. Windows Hello for Business (WHFB) is Microsoft's enterprise-grade extension of Windows Hello, designed to provide strong, multi-factor authentication for cloud applications and services. It leverages hardware-backed security features to protect user credentials, making it a cornerstone of modern identity security strategies.