Antero Guy
Antero is an Offensive Cyber Operator with 8 years of experience in cybersecurity. His background spans red teaming, web application and network penetration testing, and custom tool development. With a strong focus on offensive security, Antero has a deep interest in Windows internals and is passionate about building and refining tools that support offensive security operations.
Session
Chromium browsers on Windows, like Chrome and Edge, have adopted App-Bound Encryption to protect browser secrets, but attackers are still hungry and always find a way into the cookie jar. This talk dives into the internals of Chromium’s app-bound encryption mechanisms, revealing how a threat actor can extract sensitive data such as cookies and stored passwords while running either as a regular user or with SYSTEM privileges. We’ll walk through multiple proof-of-concept techniques for stealing browser secrets, highlight opportunities for detection and response, and show how this tradecraft plays out in real-world post-exploitation scenarios. And because one cookie is never enough, we’ll wrap up with a bonus: using stolen Entra ID cookies to pivot into the cloud.