You must log in or register to comment.
That’s scary, I use Bitwarden. But it sounds like for this to work the attacker needs to have already compromised the organization’s domain controller and the user needs to have enabled biometrics, which I never do.
Saw this too then after reading, I realized it was compromised on a Windows system I only use Linux.
Yea. I stopped reading after “Windows Hello”.
The article completely dismissed the process of compromising the domain controller for reasons that aren’t clear to me, but they are clearly trying to say that it was so easy they consider it SOP as a first step for pen testing.
