2025-11-17 –, Westin - Partenkirchen
The Data Protection API (DPAPI) is a critical yet often overlooked component of Windows security. It provides transparent data encryption services to both users and applications, enabling the secure storage of sensitive information such as credentials, encryption keys, and browser data. This talk demystifies how DPAPI works and should give an idea about the basics as well as the gotchas.
We'll examine real-world attack vectors, including credential theft and offline master key decryption, and demonstrate how DPAPI can be both a security asset and a liability if misunderstood. We also inspect where DPAPI is used in daily system functionality. This talk is intended to better understand DPAPI functionality. Attendees gain practical insights into DPAPI and what to do with it when encountered.
DPAPI Windows
Senior Penetration Tester @ CODE WHITE GmbH