Master password 1password12/19/2023 ![]() ![]() In case of an issue with "DbgHelp.lib", do the following: Install Visual Studio 2022, with all C++ dependencies.For the development phase, Visual Studio 2022 was used. Feel free to provide any feedback and/or recommendations/improvements. However, and to the best of my knowledge, this is the first time such a tool has been presented to the public. It has been well-known for some time that there is no de facto way for desktop applications to be protected against such attacks. Although some products may provide fixes, their exploits will be released at a later date (they are still under disclosure). Regarding fixing these issues, most vendors responded that such issues are out-of-scope for them since the attacker needs local access or AV/EDR should protect the user against such attacks. Three different videos have been uploaded to assist in understanding how this tool works. So, the purpose of this tool is to provide an additional attack vector in red team engagements, since many users are using password managers. ![]() Specifically, in most cases, password managers must be up and unlocked for the tool to work. In this release (v0.5), the tool supports 14 password managers, with 18 different implementations (e.g., the tool could dump credentials either from the desktop app, or the browser plugin of the same product). This may work on other OS, like Linux, but it is not tested yet. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This is a red team tool that assists in gathering credentials from different password managers. A red team tool to extract credentials from password managers. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |