Braving the Storm-2372: The Tempest Decoded
Jenko Hwong
Cloud Village @ DEF CON 33 · Day 1
Jenko Hwong's Cloud Village talk, "Braving the Storm-2372: The Tempest Decoded," is a critical, in-depth analysis of the Microsoft-attributed Storm-2372 attack campaign. While Microsoft's February 2023 update initially highlighted **device code phishing**, Hwong argues that the true severity and underlying mechanisms of the attack, particularly the **Primary Refresh Token (PRT) hijack** and **device registration abuse**, were significantly downplayed and largely overlooked by the wider security community. This oversight is especially concerning given that the core techniques had been publicly documented by researcher Dirk-Jan since late 2021.
AI review
Hwong does real work here — he takes Microsoft's watered-down Storm-2372 advisory, strips it down to the actual mechanics (PRT hijack, device registration abuse, Windows Hello key persistence), and makes the case that the community got handed a press release when it needed a threat model. The talk is grounded in Dirk-Jan's prior art and Hwong's own hands-on reproduction, not vibes.