Modern IT environments offer passwordless authentication to improve security and improves user experience. Certificate and key-based authentication does not only makes the user's life easier, it also gives the offensive side an excellent opportunity to obtain versatile credentials and be more stealthy.

This technical session will provide detailed demos and discussions about the different attacks using certificate- and key-based authentication in a Windows environment ranging from certificate services misconfigurations and abuse to Windows Hello for Business keys and sessions.