Credential theft is the cornerstone of the world’s most devastating breaches. For over a decade, attackers have used this blueprint to own networks, exploiting weaknesses in symmetric credentials. Building on last year’s Pass-the-Hash defense talk, this session will demonstrate how a modern OS can utilize new hardware capabilities to strongly protect even NTLM and Kerberos from credential theft.