Detecting non-privileged Windows Hello abuse

I recently followed a live session by Dirk-Jan Mollema and Ceri Coburn on how Windows Hello for Business can be abused as a non-privileged user. I was very intrigued by the concept of the attack they demonstrated, which is why I spent a couple of days thinking of ways we can counter this attack with detective controls as blue teamers.
Tags: Windows Hello, Detection Engineering, WDAC, MDE