DPAPI and DPAPI-NG Decrypting All Users’ Secrets and PFX Passwords by Paula Januszkiewicz
hackinparis.co...
Come to the session and see our second discovery: how to decrypt SID-protected PFX files even without access to the user’s password, just by generating the SID and the user’s token!
The CQURE Team takes DPAPI (Data Protection API) and DPAPI-NG research to a completely new level! During this session you will hear about two great discoveries we made. The first is how to decrypt DPAPI-protected data by using the private key stored as an LSA Secret on a domain controller (we have called it a ‘backup key’; it is the key corresponding to the backup public key stored in the domain user’s profile). The backup key allows decrypting literally all of the domain users’ secrets (passwords, private keys, information stored by the browser). In other words, someone who has the backup key is able to take over all of the identities and their secrets in the whole enterprise. It is crucial to know how this happens! Another variant of DPAPI is DPAPI-NG, used in SID-protected PFX files, and while in the previous discovery the CQURE Team is able to get access to the user’s secrets, here it is a bit different! Paula Januszkiewicz, CEO and security researcher, will present the team’s unique findings on how to get access to users’ secrets by possessing the backup key from the domain and how to decrypt PFX file passwords. Both demonstrations are key DPAPI breakthroughs that can also have serious implications if not managed well. Tools included. Our research affects Windows 8, Windows 8.1, Windows 10 and related Windows Server.
HIP19: DPAPI and DPAPI-NG Decrypting All Users’ Secrets and PFX Passwords - P. Januszkiewicz