Sometimes I talk in public. I enjoy sharing knowledge 🤓.


The Kerberos Key List attack: The return of the Read Only Domain Controllers

Ekoparty Security Conference. Buenos Aires, Argentina

Microsoft wants Azure everywhere and following that premise, the company has implemented several features in this platform. From an authentication point of view, the most interesting ones are the passwordless scenarios. A short time ago, Microsoft released a new functionality that enables passwordless authentication with security keys in Azure environments. This offers us a seamless SSO experience, but under the hood there is something else: the return of the Read Only Domain Controllers. In this talk I’ll introduce a new attack vector against the RODCs using the Kerberos Key List request messages.

The art of war of Browser Fingerprinting

Ekoparty Security Conference (BlueSpace). Buenos Aires, Argentina

Coauthor: @florencia_rao

Browser fingerprinting is a technique that can be used to uniquely identify users or devices via a website. It can be used for good, in authentication schemes, or for bad, in tracking systems. This situation started an arms race between browsers and those who use fingerprinting to identify users.

Being the good guys, what strategy do we use to continue to identify our legitimate users? How can we maximize the effectiveness of this technique?