Hi [[ session.user.profile.firstName ]]

Root Causes Episode 180: PetitPotam MSCA Attack

The PetitPotam attack against Microsoft CA has garnered a lot of attention. Our hosts describe this attack and define related terms like Mimikatz, pass-the-hash, and NTLM Relay. The episode goes on to give a roadmap for mitigating this attack , including free resources available to help defend against PetitPotam.
Recorded Sep 15 2021 13 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
Presentation preview: Root Causes Episode 180: PetitPotam MSCA Attack

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Cloud or On-Premise: Updating Assumptions on Secure Certificate Management Oct 28 2021 3:00 pm UTC 60 mins
    Tim Callan, Chief Compliance Officer at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Recent cyber threats like the PetitPotam relay attack on Microsoft, the SolarWinds supply chain compromise, and countless others have put a bright spotlight on the age-old debate: Is the cloud as secure as an on-premise infrastructure? As enterprises are targeted with increasingly sophisticated on-premise breaches – despite firewalls and other roadblocks – it is clear data center proximity does not equal impenetrable protection. Tim Callan and Jason Soroko explain the benefits of a cloud-based approach to security and why certificate-based authentication between all systems is critical to securing enterprises today and tomorrow.
  • Root Causes Episode 182: Let's Encrypt Root Expiration Recorded: Oct 19 2021 26 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Let's Encrypt's recent root expiration caused widespread service outages and other hassles for online services and sites. Our hosts discuss this expiration, why so many problems resulted, and the recipe for avoiding these problems in the future.
  • Applying the best Zero Trust principles to modern network architecture Recorded: Sep 22 2021 48 mins
    Tim Callan, Chief Compliance Officer at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Recent cyberattacks have shown that security perimeters are not unbreachable and that all network connections, both inside and outside the enterprise, should be considered potentially hostile. Tim Callan and Jason Soroko explain how Sectigo views the Zero Trust Network Architecture and how certificate-based authentication is essential to implementing the secure enterprise of today and tomorrow.
  • Root Causes Episode 181: Limitation of DVC Through Website Changes Recorded: Sep 17 2021 14 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    This December will see a meaningful change in how CAs are allowed to conduct Domain Control Validation (DCV) using the method known as https token or file authentication or agreed up on change to web site. This method will be removed as an option for "domain spaces" including wildcards and subdomains. Join our hosts as they explain how DCV works and how the rules are changing and why. And we clarify the available options for those changing their preferred DCV methods.
  • Root Causes Episode 180: PetitPotam MSCA Attack Recorded: Sep 15 2021 13 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    The PetitPotam attack against Microsoft CA has garnered a lot of attention. Our hosts describe this attack and define related terms like Mimikatz, pass-the-hash, and NTLM Relay. The episode goes on to give a roadmap for mitigating this attack , including free resources available to help defend against PetitPotam.
  • Root Causes Episode 179: Standards for Certificates Apart from SSL Recorded: Sep 13 2021 15 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Regular followers of this podcast hear a great deal about SSL, the CA/Browser Forum, and the standards governing public SSL. But SSL is not the only regulated type of public digital certificate. There are also things like S/MIME, eIDAS, code signing, document signing, and SSH certificates. In this episode our hosts discuss these "other" certificate types and the rules and regulations governing them.
  • Root Causes Episode 177: What is Passwordless? Recorded: Sep 8 2021 20 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    A hot, new topic in the identity space is passwordless. Join our hosts as they explain credential form factors and offer a specific definition of passwordless, including the difference between PINs and passwords.
  • Root Causes Episode 176: Introducing State-Locality Exclusivity Recorded: Sep 3 2021 27 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Sectigo is implementing an important change to its public-facing SSL certificate business, which we call State-Locality Exclusivity. This change removes a the localityName field, a very common field in SSL certificates. In this episode our hosts explain what the localityName field is, why we are removing it, and how this change is to the benefit of SSL Subscribers and Relying Parties.
  • Root Causes Episode 175: What is a Linter? Recorded: Sep 2 2021 21 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Linters have been a standard programming tool for more than four decades. This venerable coding tool has recently taken on new significant in the world of public certificates. In this episode our hosts explain linters and how they are applied to SSL certificates.
  • Root Causes Episode 174: Windows 11 and TPMs Recorded: Aug 30 2021 17 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Microsoft has announced that its upcoming Windows 11 release will require TPM 2.0 support at a minimum. TPM 2.0 enables more modern hashing and encryption algorithms than previous versions. Our hosts discuss the implications of this announcement.
  • Root Causes Episode 173: Whitelisting and Blocklisting Recorded: Aug 27 2021 19 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Whitelisting and blocklisting are tried and true elements of the computer industry. In this episode our hosts define whitelisting and blocklisting and the pros and cons of either, with lots of examples from the real world. We discuss fuzzy entities, the scaling problem, layered defenses, and the trouble with active attackers.
  • Root Causes Episode 172: What is an NFT? Recorded: Aug 25 2021 17 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    If you have paid any attention at all to popular media in the past few months, you will have heard about non-fungible tokens, or NFTs. NFTs are a method of uniquely identifying a digital asset using blockchain technology, and they are big news in the art and media world. Join our hosts as they explain the difference between fungible and non-fungible tokens, how NFTs work, and the significance of publicly asserting ownership for digital files.
  • Root Causes Episode 170: Why Is Canada So Good At Cryptography? Recorded: Aug 23 2021 19 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    In celebration of Canada Day, our hosts discuss why Canada in particular offers a disproportionately large contribution to cryptography. We examine historic reasons and the real-world consequences of Canada being a center for cryptographic excellence.
  • Root Causes Episode 169: Bitcoin and the Anonymity Fallacy Recorded: Aug 20 2021 24 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    In the developing story of the Colonial pipeline ransomware attack, the FBI recently recovered the ransom money, which had been paid in Bitcoin. In this episode we talk about how this recovery might have occurred.
  • Root Causes Episode 168: The Difference Between E-Signing and Digital Signing Recorded: Aug 18 2021 20 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    In our technology discussions we frequently run into confusion about the relationship between electronic document signing and digital document signing. Despite the similarity in names, they are entirely different technological approaches to providing trustworthy electronic signed documents. In this episode we explain the two terms, their distinct definitions, and some of the pros and cons of each approach.
  • Root Causes Episode 165: Blockchain - Proof of Work Versus Proof of Stake Recorded: Aug 16 2021 27 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    In our ongoing examination of blockchain, we define proof of work and proof of stake as consensus algorithms for updating the public ledger. We explain their differences and get into the problems with proof of work and the reasons proof of stake is emerging as a promising new consensus algorithm. We touch on the consequences of these algorithms on other aspects of society as well.
  • Root Causes Episode 163: What Puts the I in PKI? Recorded: Aug 13 2021 14 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    PKI stands for Public Key Infrastructure. In this episode we focus on the word infrastructure. Our hosts discuss the key qualities of credential form factors, how they are separate and distinct from the infrastructure surrounding them, and the minimum capabilities necessary to refer to a public-private key system as PKI.
  • Root Causes Episode 160: Purpose-built Quantum Computers for Breaking RSA Recorded: Aug 12 2021 14 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    A new academic paper has described how a purpose-built quantum computer could break RSA encryption in fewer qbits than commonly are thought necessary possible. In this episode our hosts summarize the basic argument in this highly technical paper and its potential implications on the Quantum Apocalypse.
  • Root Causes Episode 150: This Podcast is Not About Alan Turing Recorded: Aug 9 2021 17 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    Recent news of the discovery of abandoned Enigma machines on the ocean floor inspires our hosts to discuss history's most famous code system, how it was broken, and how that relates to cryptography today.
  • Root Causes Episode 143: The Four Pillars of Certificate Automation Recorded: Aug 6 2021 28 mins
    Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
    In this episode our hosts explain the Four Pillars of Certificate Automation: deploy, discover, revoke/replace, and renew. They detail what these pillars entail and why they're important. They also discuss the umbrella capability of visibility, which affects all four pillars.
PKI and Security webinars for IT professionals
We are the world's largest commercial SSL Certificate Authority. Our webinars are specially designed to help you protect your online business, connected devices, applications, and digital identities.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Root Causes Episode 180: PetitPotam MSCA Attack
  • Live at: Sep 15 2021 2:14 pm
  • Presented by: Tim Callan, Senior Fellow at Sectigo & Jason Soroko, CTO of PKI at Sectigo
  • From:
Your email has been sent.
or close