November 2011
1 post
Let's talk about roadmap
I recently discovered that Bitbucket is not duplicating the issue tracker while forking a repository. Thus you don’t have any visibility on what’s going on for DPAPIck and that’s why I’m writing this post.
So, as things stand, this is what we planned to release for version 0.3:
EFS Certificate recovery
Inline documentation
bin tools rewriting to keep only one...
September 2011
1 post
joshuanath asked: Maybe I just don't know or understand enough about this tool. Where is the MasterKey or Credhist stored in windows?
August 2011
1 post
2 tags
It's out !!!
As promised, today we are releasing the source code of DPAPIck v0.2!
The project is hosted at Bitbucket and you can freely check it out to play with it.
You can also report bugs/issues on the tracker and see part of the roadmap for our tool.
A wiki will also be put online as soon as we take time to write documentation.
But no more waiting, here is the URL to have a look at DPAPIck :...
July 2011
1 post
4 tags
D-6 ?
Next week, DPAPIck will finally become the first open-source tool (GPLv3 licence) able to deal with DPAPI structures, as well as the first tool that can do so from an operating system other than Microsoft’s!
It has been entirely re-written in Python and only requires OpenSSL for decryption to be fully cross-platform. It is coming along with several applicative probes...
May 2011
3 posts
4 tags
No, we're not dead!
For French speakers interested in DPAPI, we have written an article that will be published in the French magazine MISC, issue 56 (July/August).
It revisits the analysis of the structures that we published at BlackHat DC 2010, including a few corrections and some of our progress. Snippets of Python scripts for decrypting the structures are also...
1 tag
Presented @BlackHat DC 2010
Our tool was presented during BlackHat DC 2010.
1 tag
What is DPAPIck?
This is a forensic tool for working offline with Microsoft Windows® data protected by DPAPI (the Data Protection API).
A non-exhaustive list of the recoverable secrets:
EFS certificates
MSN Messenger credentials
Internet Explorer form passwords
Outlook passwords
Google Talk credentials
Google Chrome form passwords
Wireless network keys (WEP key and WPA-PMK)
Skype...