Showing posts from January, 2016

Windows ReVaulting

Windows Vaults  and Credentials  allow the user to store sensitive information such as user names and passwords , that can be later used to log on web site, services and computers. In this post it will be shown how such data is protected and how you can decrypt it offline. This post is a very late debriefing of the talk I had at  SANS DFIR Summit Prague 2015  and it's the first of two posts. You can download the slides from  SANS Summit Archives  or from  SlideShare . introduction I've never used Vault/Credential facility on purpose, even if the system used it without my knowledge : it's worthwhile to know that Windows autonomously uses it almost every day. In any case, we can find sensitive information there, and this is the reason I started this research, as to have a little more strings to my ODI  ( Offensive Digital Investigations ) bow. Windows provides two utilities to manage such credentials, the graphical  Credential Manager and the command line  vault