Julien Bedel

Red Teamer & Security Researcher
Orange Cyberdefense
Julien is a French ethical hacker working at Orange Cyberdefense. With a background in software engineering, he is an active open-source contributor to various well-known and has presented his research at major European conferences.

Speaker sessions

Is Your Vault Safe? Uncovering Immutable Attacks Targeting Password Managers

With essential features like identity-based access control and cloud hosting, web password managers are being increasingly adopted in corporate environments, protecting credentials for millions of users.

As a direct response to this shift, a new generation of malware, such as Raccoon and Meduza stealers, is beginning to target software like Bitwarden and LastPass.

For defenders to better understand how this type of malware operates, we will take the example of Bitwarden, a widely adopted open-source password manager. Our goal is to demonstrate a generic approach to password extraction, applicable to virtually any software on the market. This exploration will cover exclusive attack techniques ranging from malicious browser extensions to Chromium function hooking, as well as many other new techniques.

While these techniques are almost impossible to prevent, we will share practical recommendations for a defense-in-depth strategy.

To conclude, we will unveil PwnWarden, an open-source tool designed to help security professionals emulate password manager discovery and secret extraction in a corporate environment.
  • 13:00
  • Tue
  • 02 Dec
Stage: Briefings 2
Sessions Type: Presentation