2024-06-08, 11:00–11:25, Track 1 (UC Conference Rm A)
In this presentation, we will explore Window’s Data Protection API (DPAPI) to gain an understanding of how it works and how it is exploited to dump credentials. DPAPI is utilized to encrypt data on a Windows system and is used by various applications like Chrome and Edge’s password managers. We will explore the code and requirements used for data encryption and decryption. Along with ways to abuse DPAPI, such as establishing Domain Persistence through extracting Domain Controllers’ Backup Key.
Jacob is an IT professional with 5 years of experience consisting of Offensive Security Consulting, System Administration, and Help Desk. As a consultant, he has helped over 20 companies secure their environments through PenTesting, Red/Purple Teaming, and Social Engineering engagements. Jacob is also an alumnus of the University of Texas at San Antonio. He is passionate about helping others in the IT community and shares his expertise through tutorials on Cyber Security via his YouTube channel ‘VillaRoot’.