Interesting <3

An interesting dude <3

Great talk thank you! It makes me wonder... why would an attacker would be unable to ask the tang server to encrypt some data and use the response to get the tang private key in order to decrypt their target?

Great talk Alice, thanks!

Hi, thank you for the presentation. I have one small comment here: kzbin.info/www/bejne/fGXHc3imi8-Cq6s - I think origin and relaying party id are hashed but NOT signed at that point, right? Besides that I have one question about registration. What kind of signature did you mean at kzbin.info/www/bejne/fGXHc3imi8-Cq6s? I'm asking because, I think during registration ceremony, the data that comes back from the authenticator (such as origin, relaying party id, challenge) is NOT signed by the public/private key. They may be signed if the attestation is used and they would be signed by attestation credential. But, I think people usually use "none" attestation method (to not prompt for user's agreement in the web browser) and then authenticator responds with empty "response.attestation_object.att_stmt" field. I checked the official documentation and I don't see any other step with reliable verification (besides "response.attestation_object.att_stmt") of data on the relaying party side during registration ceremony. So, I think that with "none" attestation method, we can not trust that the data sent back from the authenticator to the relaying party during registration ceremony is integral. For example, inspired by your debugging on webauthn.io/, I tested this case in JS console there. I was able to change the challenge in JS console, just before sending it to the authenticator. Afterwards I changed the response (I updated only the challenge without touching the public key) from the authenticator just before sending it to the back-end. The response was accepted. So, in the other words, I was able to send fake challenge to the authenticator. I believe I would be able to use a stale response from the authenticator just by replacing the challenge in that response., etc. Or, without signed origin, user could successfully register their authenticator in relaying party via my fake site (as I as man-in-the-middle could replace the origin before sending it to the real relaying party, without having to change other part of the data). Of course, this is true only during registration, as during authentication ceremony the data is signed by the private key. But during your presentation it sounded like this data is always signed. Maybe I'm missing something? thanks

Robert Winkel is my Dad🙋‍♂️ look at my last name

Shoutout to my American University friends!

insanely dank aussie dude spitting tha truth

I keep coming back to this video. It's pure awesomeness. Thank you!

Very nice talk about EDR Mechanisms, learned a lot, thx!

great talk and thanks so much for educating us newbies happy hacking

I have experience in IDA PRO - but I want to learn about this

I found your explanation to be helpful, but WE NEED TO SEE YOUR SCREEN!!! Also links to the references you mention.

Hey There, I really like this presentation. Are the slides shared anywhere?

user: context NTLM: 17b6c6ef9b7f3a6e1f0727789c27988d. TIME: 48:29

This is an amazing talk that needs to be shared more it sucks that this is an issue but I see it all the time and I will be calling it out from now on

Thank you !

Well done Jess. This needs to be said, it needs to be listened to, and it needs to change.

Yeah I'd rather watch his face while he types commands and describes things on the screen too

This was very entertaining.

okay, this is epic

the best

nice

Https://github.com/aussieklutz/hd-mitm/ for the project files.

Winner winner, chicken dinner! :D

Starts at 0:00 ;D 7:40 Gunter Ollmann - Cloud effects on security professionals *Edited with adjusted times

Guy seams more like a comedian then a lock picker!!

Audio is a let down.

would love see the keylogger one

Great Vid!