2025-10-25, Track 2 - Virtual World
Chromium browsers on Windows, such as Chrome and Edge, have adopted App-Bound Encryption to protect browser secrets, but attackers are still hungry and always find a way into the cookie jar. This talk dives into the internals of Chromium’s App-Bound Encryption mechanisms, revealing how a threat actor can extract sensitive data such as cookies and stored passwords while running either as a regular user or with SYSTEM privileges. We’ll walk through multiple proof-of-concept techniques for stealing browser secrets, highlight opportunities for detection and response, and show how this tradecraft plays out in real-world post-exploitation scenarios. And because one cookie is never enough, we’ll wrap up with a bonus: using stolen Entra ID cookies to pivot into the cloud.
Andrew Gomez is a security professional with a passion for security operations and red teaming. He is currently an Adversary Simulations Consultant at SpecterOps specializing in red teaming and network penetration testing. Andrew previously worked for the Department of Defense.
Antero is an Offensive Cyber Operator with 8 years of experience in cybersecurity. His background spans red teaming, web application and network penetration testing, and custom tool development. With a strong focus on offensive security, Antero has a deep interest in Windows internals and is passionate about building and refining tools that support offensive security operations.