EntropyCapture: Simple Extraction of DPAPI Optional Entropy

EntropyCapture: Simple Extraction of DPAPI Optional Entropy

IntroDuring a short application assessment, enumeration and decryption of a third-party application’s Windows Data Protection API (DPAPI) blobs using SharpDPAPI produced non-readable data because optional entropy was being used. This may be common with applications that use DPAPI to protect sensitive data (e.g., configurations, passwords, user information, etc.). Although traditionally, ... Read More

Application Security Check Up