Reversing DPAPI and Stealing Windows Secrets Offline

By ,   @BlackHat DC 2010
We show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.
About me
Researcher at Google, specializing in Internet security and privacy.