How Phishing Resistant Credentials Work with Mark Morowczynski and Tarek Dawoud | 55

Click here to send us your ideas and feedback on Blueprint!

Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing resistant credentials that YOU can implement right now!

This conversation covers:

• What makes MFA phishable?
• What phishing resistant credentials are and how they work
• The history and modern methods for phishing resistant credentials
• What attacks will be used once we move to phishing resistant credentials, and how to prevent and detect it
• How verified digital identities and corporate identification can help further reduce risk of help desk based attacks
• Shifting the culture to adopt a passwordless login
• Key logs to detect identity attacks
• Resources for learning KQL

Episode links:

• Tarek Explains Phishing Resistant Authentication: https://www.youtube.com/watch?v=3wtwUh6iyxY
• Microsoft Digital Defense Report: https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
• Nuance: https://www.nuance.com/index.html
• Book - The Definitive Guide to KQL: https://www.microsoftpressstore.com/store/definitive-guide-to-kql-using-kusto-query-language-9780138293383
• KQL Github Repo: github.com/kqlmspress
• Kusto Detective Agency: https://detective.kusto.io/

Connect with John:

• LinkedIn
• Take A Training Course with John

SOC Analyst and Leadership Training Courses:

• SEC450: Blue Team Fundamentals - Security Operations and Analysis
• LDR551: Building and Leading Security Operations Centers

SANS:

• Cyber Defense Course List
• Upcoming Training Events
• Free tools, VMs, cheat sheets and more for cyber defender