Naslednje SloWUG srečanje bo v Ljubljani v ponedeljek 16.10.2017
Dobimo se okoli 17:45. Predavanja se pričnejo ob 18:00...
Predavateljica: Paula Januszkiewicz
DPAPI and DPAPI-NG: Decrypting All Users’ Secrets and PFX Passwords (Level: 300)
CQURE Team takes DPAPI (Data Protection API) and DPAPI-NG research to the completely next level! During this session you will hear about 2 great discoveries we made, first is about how to decrypt DPAPI protected data by leveraging usage of the private key stored as a LSA Secret on a domain controller (we have called it a ‘backup key’ and it is a key corresponding to the backup public key stored in the domain user’s profile). The backup key allows decrypting literally all of the domain user’s secrets (passwords / private keys / information stored by the browser). In other words, someone having the backup key is able to take over all of the identities and their secrets in the whole enterprise. It is crucial to know how this is happening! Another variant of DPAPI is DPAPI-NG used in the SID-protected PFX files and when in the previous discovery CQURE Team is able to get access to user’s secrets, here it is a bit different! Come to the session and see our second discovery about how to decrypt SID-protected PFX files even without access to user’s password but just by generating the SID and user’s token! Paula Januszkiewicz, CEO and security researcher, will present the unique team’s findings of how to get access to users’ secrets by possessing the backup key from the domain and how to decrypt the PFX files passwords. Both demonstrations are key DPAPI breakthrough that can also cause serious implications if not managed well. Tools included. Our research affects Windows 8, Windows 8.1, Windows 10 and related Windows Server versions.
Informacije o srečanju lahko najdete na SloWUG Facebook strani strani!
Sponzor predavanje je Kompas Xnet.