From DPAPI to AppBound: Looting Credentials on Modern Web Browsers

Agenda
- Challenges of Credential Stealing on Modern Windows
- Web Browsers as Alternative Targets
- The Windows Data Protection API (DPAPI)
- Application-Bound Encryption
- Ways to overcome ABE
- The new Attack Surface

About Melvin
- Senior Red Team Operator at Pentraze Cybersecurity
- Adversary simulation and red team operations
- Security testing of web, mobile, network, and IT infrastructure applications
- Offensive Security Enthusiast
- Advanced Windows Active Directory exploitation techniques
- Development of custom tooling for AV/EDR evasion
- Publications:
  - EDB-ID 51856: Exploit for RCE vuln in Easywall 0.3.1 - https:/www.exploit-
  - in UvDesk v1.1.7 - https:/
- Believer of the Linux supremacy, coffee enjoyer

Challenges of Credential Stealing on Modern Windows
- Technologies like Credential Guard and LSA Protection (RunAsPPL) are defaults in new versions of Windows (Windows 11 / Windows Server 2025).
- Traditional credential dumping via lsass.exe is therefore more complicated: the secrets that used to sit in plain memory are either isolated in a VBS-protected process or shielded from non-PPL readers.

Web Browsers as Alternative Targets
Browser Credential Managers
- Purpose: store and autofill user credentials (usernames and passwords) for websites.
- Storage: credentials are saved locally (often in SQLite databases) and encrypted using OS-level APIs (e.g., DPAPI on Windows, Keychain on macOS).
- Autofill features: automatically fill in login forms and sometimes generate strong passwords for new accounts.

Browser Credential Managers
- Local State file: a file on disk that stores browser-wide preferences and metadata (feature flags, last-run version, profile metadata, telemetry settings) and also contains the keys/metadata used for encrypting profile secrets.
Image from: https:/

From Chrome 1.0 released in December 2008 to Chr