All technologies and systems currently use cryptography and most use certificates at some point. Since their boom, internal PKI systems have not changed a lot nor have the problems that we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks that attackers are using to spoof any identity. What are common pitfalls and mistakes that can lead to full breach of trust in your systems? Where are hidden certificates in Windows infrastructure, how are they used and by whom? How do Azure Information Protection, Windows Hello for Business and other modern technologies rely on Certificates and their security? Brace yourself, this will be demo intense.
