Explore the inner workings of Microsoft's Secure Channel (Schannel) SSL/TLS library in this 47-minute Black Hat conference talk. Delve into how Schannel utilizes CryptoAPI-NG (CNG) to cache various keys and session tickets for TLS/SSL connections. Examine the underlying data structures and learn techniques to extract keys and forensically relevant information about connections. Discover how to decrypt sessions using ephemeral key exchanges and understand the cache's longevity and capacity. Gain insights into Schannel's preferred cipher suites, key isolation mechanisms, and the role of the Norypt SSL Provider. Explore the decryption of persistent keys using DPAPI and session tickets, while also considering the inherent metadata TLS provides and the limitations of Schannel caching.