Reversing DPAPI and Stealing Windows Secrets Offline

By ,   @BlackHat DC 2010
We show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.