Mike is a Cloud Solutions & Machine Learning Expert at CQURE. He is a data scientist, solution architect, developer and consultant. Mike designs and implements solutions for Databases, data analysis and natural language processing. He is interested in Big data, High Availability and real-time analytics especially when combined with machine learning and artificial intelligence or NLP. He has recently defended his PhD thesis in which he combined academic knowledge, professional experience and strong technical skills. Mike also has wide experience as a speaker and trainer and every time he brings down the house!
Lessons from the Field: Vulnerabilities in Credentials & How to Fix Them
Predavanje je v angleškem jeziku.
What are the places where credentials are stored? It is that easy to reveal them? Wherever and whenever you enter your password in the password field, there is at least one mechanism that must know it to use it later for the designed purpose. What is the risk to experience identity theft in the typical infrastructure? Could we rely on the identity in the cloud? Do cached credentials bring any danger? Can we just extract them and crack the password or use the value to do the pass the hash attack? One thing is for sure: Mike and CQURE team made a DPAPI world discovery where they have reverse-engineered this mechanism to tell you right now how it works and if it is safe. Mike will demonstrate the technology weaknesses in credential security and specific misused actions within the operating system. You will learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions. This session will be demo heavy!