Injecting an EFS Recovery Agent – and Let the Virus Scanner Help You!

How can you read files encrypted with Windows's Encrypting File System if you have access neither to the owner's encryption certificate and key nor to those of a legit data recovery agent (DRA) ... but you are a local administrator? This work is still inspired by the hackthebox machine Helpline. You were able to …

Parse Certificates Stored in the Windows Registry

You can correctly parse the binary blobs that represent certificates stored in the Windows registry with certutil, even when the Windows Explorer / GUI tells you that this is not a certificate. certutil seems to be able to handle / ignore metadata better. Once upon a time I played with the machine Ethereal provided by …