
From DPAPI to AppBound: Looting Credentials on Modern Web Browsers.pdf

Uploaded by: 可*** | ID: 991812 | 2025-12-07 | 45 pages | 4.37MB

From DPAPI to AppBound: Looting Credentials on Modern Web Browsers

Agenda: Challenges of Credential Stealing on Modern Windows; Web Browsers as Alternative Targets; The Windows Data Protection API (DPAPI); Application-Bound Encryption; Ways to overcome ABE; The new Attack Surface.

About Melvin: Senior Red Team Operator at Pentraze Cybersecurity. Adversary simulation and red team operations; security testing of web, mobile, network and IT infrastructure applications. Offensive security enthusiast: advanced Windows Active Directory exploitation techniques, development of custom tooling for AV/EDR evasion. Publications: EDB-ID 51856, exploit for RCE vuln in Easywall 0.3.1 - https:/www.exploit- [...] in UvDesk v1.1.7 - https:/ [...]. Believer of the Linux supremacy, coffee enjoyer.

Challenges of Credential Stealing on Modern Windows: Technologies like Credential Guard and LSA Protection (RunAsPPL) are defaults in new versions of Windows (W11/WS2025). Traditional credential dumping via lsass.exe is more complicated.

Web Browsers as Alternative Targets - Browser Credential Managers: Purpose: store and autofill user credentials (usernames and passwords) for websites. Storage: credentials are saved locally (often in SQLite databases) and encrypted using OS-level APIs (e.g., DPAPI on Windows, Keychain on macOS). Autofill features: automatically fill in login forms and sometimes generate strong passwords for new accounts.

Local State file: a file on disk that stores browser-wide preferences and metadata, things like feature flags, last-run version, profile metadata and telemetry settings, and also contains the keys/metadata used for encrypting profile secrets. Image from: https:/

From Chrome 1.0 released in December 2008 to Chr

Based on the report's content, its main points are summarized as follows:

1. **Challenges of credential stealing on modern Windows**: With Credential Guard and LSA Protection (RunAsPPL) enabled by default in newer Windows versions (Windows 11 / Windows Server 2025), traditional credential dumping from lsass.exe has become more complicated.
2. **Web browsers as alternative targets**: Browsers store and autofill user credentials, typically encrypting them with OS-level APIs such as DPAPI.
3. **Protection of browser-stored credentials**: From Chrome 1.0 until Chrome 127, DPAPI was the only protection layer for secrets stored by the browser. In July 2024, Chrome 127 introduced App-Bound Encryption for cookies; in April 2025 it was extended to passwords and payment methods.
4. **App-Bound Encryption**: A new protection mechanism that raises the bar by binding the data to the application's identity. To recover the key an attacker needs code execution inside Chrome.exe or SYSTEM privileges.
5. **Ways to overcome App-Bound Encryption**: Code injection into Chrome, dropping a binary into the Chrome installation path, manually replicating the elevation service's logic, and others.
6. **The new attack surface**: Although App-Bound Encryption improves security, attackers can still recover the protected data by injecting code, escalating privileges locally, or abusing the privileged service.
7. **OPSEC implications**: Attacks that bypass App-Bound Encryption can be detected by EDR solutions, require SYSTEM privileges, and must be carried out on the running system (copying the profile off the host for offline decryption no longer suffices).
Tags: "AppBound encryption challenges", "Evolution from DPAPI to AppBound encryption", "Attacking and defending AppBound encryption"