BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.troopers.de//tr26-cfp//talk//QSHKUT
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-tr26-cfp-QSHKUT@cfp.troopers.de
DTSTART;TZID=CET:20260624T151500
DTEND;TZID=CET:20260624T161500
DESCRIPTION:Identity-related attacks remain a critical threat\, with over 9
 7% involving password spraying or brute force attempts. While multi-factor
  authentication (MFA) mitigates most of these\, the remaining incidents—
 predominantly token theft via malware—account for more than 2.4% and are
  on the rise. Stolen tokens enable immediate\, potentially persistent acce
 ss to organisational resources. The Primary Refresh Token (PRT) combined w
 ith the Session Key (SK) allows impersonation of both users and endpoints.
 \n\nEndpoints lacking a Trusted Platform Module (TPM) are particularly vul
 nerable\, as administrator privileges can facilitate trivial PRT and SK th
 eft. Although TPM is required for Windows 11\, many Windows 10 devices and
  servers remain unprotected.\n\nThis session explores the mechanics of TPM
  in safeguarding device identity and SK. Red Teamers will gain insights in
 to dissecting TPM and PRT implementations for offensive strategies\, while
  Blue Teamers will learn techniques to detect both successful and attempte
 d PRT thefts.
DTSTAMP:20260510T030741Z
LOCATION:Track 2
SUMMARY:Trusted by Design: How Windows Uses TPM to Secure PRTs - Dr Nestori
  Syynimaa
URL:https://cfp.troopers.de/tr26-cfp/talk/QSHKUT/
END:VEVENT
END:VCALENDAR