Windows Security Descriptor Binary (a Perl parser)
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsfIcAXaGbxeEMlj8Qr48gDgAQD5Es2e0ypWudjJZYKOnltnyoKl60soRBNaMQBagtI_WNLWUhZsfHpcRDvDUoz-mryQidCc-HlEvFrrsylSLhzNn4qGkoz5AWeaffmTeTJd7NPoapOJg/s400/Untitled.png)
Some days ago I was messing around with RegRipper plugins, and in particular I was using the "shares.pl" plugin on one of my cases. This plugin parses the content of the registry key "SYSTEM\CurrentControlSet\Services\LanManServer" (please ignore case) and returns the values of the subkey "Shares", which are the explicit shares (Microsoft File and Printers Sharing) created by a user. Under "Shares" there should be a subkey called "Security" and under it as many REG_BINARY values as shares (I found a case with two shares and only a security value related to one share: I did not go deep into it, another todo added...). I googled around but I was unable to get useful stuff (like tools) or documentation about the nature of those binary values. What I found was a post in the great win4n6 mailing list, but with few interesting points. From there I posed myself the following question. A Windows Security Descriptor? I tried t