Posts

Showing posts from May, 2015

UnDesXing

Image
In my own vocabulary, undesxing is the action of decrypting something encrypted with the Microsoft version of the DESX algorithm: a bit obfuscated title but I liked to make a scenographic use of it. DESX is a variant of the Data Encryption Standard in that a XOR step is added to the plaintext before and after the encryption: you can find a description on wikipedia . So, what is the issue with it? Let me provide the context. windows lsass The Windows Local Security Authority ( LSA ) Subsystem Service ( lsass ) process is in charge, among other things, to authenticate and log users on to the local system: see Microsoft info here . It's well known that it keeps some sensitive information regarding the logon sessions: for example users' passwords and tokens. This kind of storage - basically due to the SSO capability - is exploited by the never-loved-enough mimikatz , which is able to provide some cool passive (not considering its active operation modalities) informa