Over the past three years, passkeys have gained widespread adoption among major vendors like Apple, Google, and Microsoft, aiming to replace passwords with a more secure authentication method. However, passkeys haven't yet faced the extensive scrutiny that passwords have endured over decades. As they become central to enterprise identity, it's crucial to examine their resilience.

This webinar expands on the SquareX team's research presented on the DEF CON 33 main stage, demonstrating how passkey authentication can be subverted. Led by Lead Researcher and Principal Software Engineer Shourya Pratap Singh, you'll learn the underlying theory, observe the full attack chain via live demonstrations and discover how to prevent passkey abuse in your organization.

Shourya Pratap Singh is responsible for building SquareX's security-focused extension and conducts research on countering web security risks. As a rising figure in cybersecurity, Shourya has presented his work on global stages including the DEFCON main stage, Recon Village, and Adversary Village, as well as at Black Hat Arsenal EU. He has also delivered several workshops at prestigious events such as the Texas Cyber Summit. Shourya earned his bachelor's degree from IIIT Bhubaneswar and holds a patent. His professional interests focus on strengthening the security of browser extensions and web applications.

SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more.
Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity.

Passkeys Pwned: Turning WebAuthn Against Itself

Speaker

Shourya Pratap Singh

Secure Any Browser, Any Device