Windows Security Descriptor Binary (a Perl parser)
Some days ago I was messing up with RegRipper plugins , and in particular I was using the " shares.pl " plugin on one of my cases. This plugin parses the content of the registry key "SYSTEM\CurrentControlSet\Services\LanManServer" (please ignore case) and returns the values of the subkey " Shares ", which are the explicit shares (Microsoft File and Printers Sharing) created by a user. Under "Shares" there should be a subkey called " Security " and under it as many REG_BINARY values as shares (I found a case with two shares and only a security value related to one share: I did not go in deep with it, another todo added...). I gugled around but I was unable to get useful stuffs (like tools) or documentation about the nature of that binary values. What I found was a post in the great win4n6 mailing list but with few interesting points. From there I posed to myself the following question. A Windows Security Descriptor? I tried t...