2024-04-27 –, Main Room (Ballroom) - Track 1
With passwordless solutions becoming more prevalent within the enterprise, the goal of becoming a phish proof organisation are becoming ever closer. But what risks are introduced with these kinds of solutions?
We will take a deep dive into one of these solutions, the Okta Verify application and it's FastPass feature. We will first cover how Okta Verify and FastPass works followed by a demonstration of persistence vectors available to attackers when an endpoint is compromised that is running Okta Verify. A new tool will be demonstrated that will also be released to the community later in the summer.
Ceri currently works at Pen Test Partners as a Red Team operator and offensive tooling developer. He has contributed and authored several offensive and defensive tools that have been released to the community. He has presented talks at DEF CON and BSides and is looking forward to be returning to talk at his home event, BSides Cymru.