Today at 15:00 CET #YellowHat will start. It's a free live streamed conference around Microsoft Security and we have amazing speakers and topics lined up for you.

Register now to reserve your free spot.

https://yellowhat.live

#XDR #EDR #Defender #Microsoft #Security

Yellowhat

Yellowhat is a cutting-edge cybersecurity event dedicated to Microsoft Security Technology, offering advanced deep-dive sessions (level 400+) for seasoned professionals. It brings together experts and innovators to explore the latest tools, techniques, and strategies in securing digital environments. At Yellowhat, you’ll gain actionable insights, connect with industry leaders, and elevate your cybersecurity expertise to new heights.

#yellowhat conference was super interesting. Great potential for the BlueTeam community running the MS stack. Congrats to the organisers and presenters, it was very smooth for a first event. Looking forward to next year, hopefully.
https://yellowhat.live/about/
@fabian_bader @thomasnaunheim #YellowHat

#yellowhat is ending with starting a live demo after the end of the session. Bold move!

Now he is demonstrating a leak of the Primary Refresh Token via RDP, if the system you connect to has no TPM. 🫠

Also, this is normally bound to the device, but he demonstrated a (now mostly fixed) attack.

This can still be done with some caveats, but that went a bit too quickly for me. #yellowhat

Dirk-Jan Mollema just demonstrated a new method of gaining persistence - just pretend you’re doing Windows Hello for Business enrollment.

He is chaining a regular phish (modified to authenticate to the MS Authentication Broker app), to upgrade the Refresh Token to a PRT, then a device join, then a WHfB key. 🫨

He already updated ROADtools to reproduce this: https://github.com/dirkjanm/ROADtools

All intended uses of course, says Microsoft. #yellowhat

GitHub - dirkjanm/ROADtools: A collection of Azure AD/Entra tools for offensive and defensive security purposes


Not much to toot about honestly. It’s fun and very interesting!

The research done by Thomas Naunheim was very deep, but good. There were some ‘shallow’ sessions from Microsoft (although I was not aware of Automatic Attack Disruption!), and now waiting on Dirk-Jan Mollema’s talk about his new research on WHfB abuse. #yellowhat

The livestream seems to be public! You can find the livestream on Twitch or embedded here: https://yellowhat.live/live/ #yellowhat

I am going to Yellowhat this afternoon. For those who don't know, it's a conference with expert-level talks about Microsoft security. I am especially curious about the new research Dirk-Jan Mollema did on Windows Hello for Business abuse.

There's going to be a livestream too, as the in-person tickets are sold out. I'll be tooting about the conference with the hashtag #yellowhat, so if you don't want to know anything about MS, just mute me or the hashtag. :)


🛡️If you work with any Microsoft Security product #YellowHat is the conference for you.
Technical deep dives, no marketing, and an amazing speaker lineup.

Register today to join the livestream for free on https://yellowhat.live/

#XDR #MDE #MDI #Sentinel
