SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality

SharpDPAPI is a C port of some DPAPI functionality from @gentilkiwi's Mimikatz project. I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work fro...

Solarflare - SolarWinds Orion Account Audit / Password Dumping Utility

Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/ Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI. ============================================ | Collecting RabbitMQ...

Pypykatz - Mimikatz Implementation In Pure Python

Mimikatz implementation in pure Python. At least a part of it : Runs on all OS's which support python=3.6 WIKI Since version 0.1.1 the command line changed a little. Worry not, I have an awesome WIKI for you. Installing Install it via pip or by cloning it from github. The installer will create a...

CQTools - The New Ultimate Windows Hacking Toolkit

CQURE Team has prepared tools used during penetration testing and packed those in a toolkit named CQTools. This toolkit allows to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom...

Malware analysis: decoding Emotet, part 2

In part two of our series on decoding Emotet, you can catch up on part 1 here, we'll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: us...

LaZagneForensic - Decrypt Windows Credentials From Another Host

LaZagne uses an internal Windows API called CryptUnprotectData to decrypt user passwords. This API should be called on the victim user session, otherwise, it does not work. If the computer has not been started when the analysis is realized on an offline mounted disk, or if we do not want to drop ...

Windows 8 Security flaw : Logon Passwords Stores in Plain Text

Windows 8 is the first operating system from Microsoft to support alternative non-biometric authentication mechanisms such as Picture Password and PIN. A vulnerability discovered by a password security vendor - "Passcape" in Microsoft's Windows 8 operating system that it saves a log on password i...

Researcher: Fix for UPEK Fingerprint Reader Encryption Woes Falls Short

A researcher said a fix released by Authentec on Sept. 18 falls short of repairing a serious vulnerability in the company’s UPEK Protector Suite fingerprint reader software used as an authenticator on many new consumer and business laptops. Researchers Adam Caudill and Brandon Wilson this week...