Efstratios Chatzoglou
Efstratios Chatzoglou received the M.Sc. degree in Security of Information and Communication Systems from the University of the Aegean, Samos, Greece. He has worked for more than 3 years in the field of cybersecurity. Currently, he is a Penetration Tester with Memorandum, and a PhD candidate at the University of the Aegean. He has identified more than 25 different CVE IDs from well-known vendors, like ASUS, MediaTek, Netgear, Huawei, LiteSpeed, etc. The most recent one is the CVE-2023-23349 from Kaspersky. He has published more than 15 research papers in well-known conferences and academic journals.
Session
Passwords have long been a foundational element of cybersecurity, but they remain vulnerable to various attacks aimed at acquiring user credentials. Password management software (PM) has emerged as a key defense, yet misconfigurations and user errors can still result in data leaks. This presentation introduces a new red teaming tool, Pandora, capable of extracting credentials from 18 popular PM implementations, including desktop applications, browsers, and browser plugins. Pandora requires the PM to be active to dump its processes and analyzing them for user credentials. Although this vulnerability is not new, Pandora represents the first public tool to exploit it, emphasizing the need for the pentesting community to advocate for stronger protections from vendors to secure user credentials. Additionally, only two vendors have acknowledged the problem, with one CVE ID (CVE-2023-23349) reserved for Kaspersky.