windows-dpapi – Page 2 – WindowsTechs.com

HMAC with random application Id and secret with DPAPI

Posted on December 9, 2020 by Expressingx

We have open endpoints because there is a flow where access token is still not presented. Because of that, I’ve implemented HMAC + DPAPI (using Azure Blob Storage) to store the keys, without involving config files/database. DPAPI is shared… Continue reading HMAC with random application Id and secret with DPAPI→

Microsoft DP API and its keys

Posted on October 3, 2020 by user243647

Google-fu is failing me, and I could not find documentation that answers the following question: if an application uses Windows machine key or user key to encrypt certain data, and the encrypted data is still available, but machine becomes… Continue reading Microsoft DP API and its keys→

How do browsers import password data from other browsers?

Posted on May 1, 2020 by user1857492

Specifically, how did the new Microsoft Edge (based on Chromium?) import my passwords from Google Chrome (which are synced to my Google account and supposedly secure)?

I’m on Windows 10. Does Windows have a standard password exchange medi… Continue reading How do browsers import password data from other browsers?→

Which Windows 10 login protects secure data?

Posted on April 19, 2020 by mFeinstein

Windows can protect sensitive data using CryptProtectData, which according to the Windows docs, encrypts data for a given program using the user’s login password.

But Windows 10 has several forms of login: Windows Hello Face, Windows Hel… Continue reading Which Windows 10 login protects secure data?→

Securely store tokens in WinPE

Posted on December 26, 2019 by Ankit Aggarwal

We have a tool running on WinPE (Windows PreInstallation Environment) which talks to a web service. A user enters his login credentials and the web service authenticates the user and returns an authentication token. I want to… Continue reading Securely store tokens in WinPE→

Which attributes does DPAPI’s "UseMachineProtection" use to identify a machine?

Posted on May 16, 2019 by Lewis Singleton

We’re using DPAPIProtectedConfigurationProvider from the Windows Data Protection API to encrypt an application config file. The API offers a property called UseMachineProtection, so that the config file is bound to one specif… Continue reading Which attributes does DPAPI’s "UseMachineProtection" use to identify a machine?→

DPAPI Decryption

Posted on November 25, 2018 by deltzy

An application I am looking to use is using DPAPI to encrypt a Client Secret as part of a OAuth2 Authentication flow. A domain service account will be used for encryption with the password stored in CyberArk.

I am trying to … Continue reading DPAPI Decryption→

Is it appropriate to tie application-level encryption keys to AD profile

Posted on November 27, 2017 by DiskJunky

The underlying tech is Windows DPAPI and .NET’s use of it via ProtectedData. In our scenario, we have an application that runs across various servers, Web Api’s, websites that users can log into and windows services running i… Continue reading Is it appropriate to tie application-level encryption keys to AD profile→

How should one exploit DPAPI Backup Keys?

Posted on October 7, 2017 by daisy

When you have domain admin access, mimikatz can dump DPIAPI backup keys like this,

But, what can one do with this key?

Continue reading How should one exploit DPAPI Backup Keys?→

Procmon64.exe Looking for DLL Hijacking

Posted on February 26, 2017 by REPTILE

Im trying out DLL Hijacking using this video by vivek ramchandran https://www.youtube.com/watch?v=e_l5TCgw3wo.

He appears to be using a 32bit version of procmon.exe which doesnt run on my 64bit Windows 7 SP1 Ultimate VM. I … Continue reading Procmon64.exe Looking for DLL Hijacking→