From Mimikatz to DPAPI
- A Tale on Dropbox
- Francesco Picasso
- Thursday, June 19th, 5:30pm - 6:30pm
Knowing the Windows user credentials it not only useful during pentesting, but in Digital Forensics cases too, since it could, for example, enable the unlocking of encrypted data. However this is only the first level of the game, a requirement for the next.
In this presentation Francesco will share the experience gained during a case, from which he started using Mimikatz to forensically post-mortem a Windows offensive and he got involved with DPAPI. Dropbox encrypted dbx files will be used as an example of what could be achieved with such approach.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, June 17
|Incident Response Case Management||Steve Armstrong||Tuesday, June 17th, 5:30pm - 6:30pm||SANS@Night|
Thursday, June 19
|From Mimikatz to DPAPI||Francesco Picasso||Thursday, June 19th, 5:30pm - 6:30pm||SANS@Night|