DPAPI Demystified: Abusing the Windows Data Protection API one secret at a time

Description

The Data Protection API (DPAPI) is a critical yet often overlooked component of Windows security. It provides transparent data encryption services to both users and applications, enabling the secure storage of sensitive information such as credentials, encryption keys, and browser data. This talk demystifies how DPAPI works and should give attendees an idea of the basics as well as the gotchas.

Daniel Küppers

Daniel Küppers has been professionally breaking things for over nine years. As a Red Teamer at CODE WHITE, he specializes in conducting Red Team Assessments to simulate real-world attacks and enhance an organization’s defenses. Daniel also works closely with Blue Teams through Purple Teaming exercises to improve their detection and mitigation capabilities, fostering stronger cybersecurity practices.