How can you read files encrypted with Windows's Encrypting File System if you neither have access to the owner's encryption certificate and key and nor that of a legit data recovery agent (DRA) ... but if you are a local administrator? This work is still inspired by the hackthebox machine Helpline. You were able to … Continue reading Injecting an EFS Recovery Agent – and Let the Virus Scanner Help You!
You can parse the binary blobs that represent certificates stored in the Windows registry with certutil correctly, even when the Windows Explorer / GUI tells you that this is not a certificate. certutil seems to be able to handle / ignore meta data better. Once upon a time I played with the machine Ethereal provided by … Continue reading Parse Certificates Stored in the Windows Registry