BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2024//speaker//R9TNBR
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2024-WM93CN@pretalx.com
DTSTART;TZID=CET:20241023T140000
DTEND;TZID=CET:20241023T143000
DESCRIPTION:Passwords have long been a foundational element of cybersecurit
 y\, but they remain vulnerable to various attacks aimed at acquiring user 
 credentials. Password management software (PM) has emerged as a key defens
 e\, yet misconfigurations and user errors can still result in data leaks. 
 This presentation introduces a new red teaming tool\, Pandora\, capable of
  extracting credentials from 18 popular PM implementations\, including des
 ktop applications\, browsers\, and browser plugins. Pandora requires the P
 M to be active to dump its processes and analyzing them for user credentia
 ls.  Although this vulnerability is not new\, Pandora represents the first
  public tool to exploit it\, emphasizing the need for the pentesting commu
 nity to advocate for stronger protections from vendors to secure user cred
 entials. Additionally\, only two vendors have acknowledged the problem\, w
 ith one CVE ID (CVE-2023-23349) reserved for Kaspersky.
DTSTAMP:20260306T105820Z
LOCATION:Europe - Main Room
SUMMARY:I Need Access: Exploit Password Management Software To Obtain Crede
 ntial From Memory - Efstratios Chatzoglou
URL:https://pretalx.com/hack-lu-2024/talk/WM93CN/
END:VEVENT
END:VCALENDAR