Chcon

Windows - Data Protection API
2024-11-22 , Ngaio Marsh Theatre

Curious on what the Windows built-in Data Protection API (DPAPI) is? Want to understand how it can be abused from an offensive perspective? This talk will explain how the DPAPI works under the hood, various abuse scenarios, and what to consider when developing Windows applications that use the DPAPI


Come and learn how developer can use the Windows Data Protection API (DPAPI) to encrypt secrets, and how applications, including browsers, use this API. You will gain a basic understand on how the DPAPI works under the hood in Windows systems, and how it is often abuse from an offensive perspective.

Claudio is a Red Teamer / Penetration tester / Security enthusiast / Former Developer with more than twenty years experience with web technologies.
Claudio presented at several international security conferences: Defcon (Demo Labs), Black Hat (Arsenal), Kiwicon, Bsides San Francisco, OWASP.
Currently Claudio works as principal consultant at Tier Zero Security.