Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security MVP and trainer (MCT), and Microsoft Security Trusted Advisor. She is also a top speaker at many well-known conferences including TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime, etc., and is often rated as the number-one speaker. Paula is engaged as a keynote speaker for security-related events and she writes articles on Windows Security. She runs her own company, CQURE, working on security-related issues and projects. Paula has conducted hundreds of IT security audits and penetration tests, including those for governmental organizations. Her distinct specialization is Microsoft security solutions, in which she holds multiple Microsoft certifications, besides being familiar with and holding certifications in other related technologies. Paula is passionate about sharing her knowledge with others. In private, she enjoys researching new technologies, which she converts into authored trainings. She wrote a book about Threat Management Gateway 2010, and is working on her next book. She has access to the source code of Windows! Every year she makes over 200 flights (2013: 248) to gain more and more experience, provide penetration tests, and consult customers on how to secure their infrastructures.
Credentials Security: Important Things You Need to Know about Storing Credentials
- Level 300
18 May 2016 10:15
Do cached credentials bring any danger? Can we just extract them and crack the password, or use the value to do a pass-the-hash attack? One thing is for sure: Paula and her team made a world-first DPAPI discovery, reverse-engineering this mechanism so they can tell you how it works and whether it is safe. What about other places where credentials are stored, and what are the best practices for avoiding password issues and preventing different attacks? During this session, Paula will touch on: the technology weaknesses and situations where o take passwords from the operating system to perform several operations, the unexpected places your passwords reside, how password attacks are performed, and the typical paths for credentials to leak. This session will be heavily demo-focused, and it is one you do not want to miss!