Skip to content

Improve various Windows LSA and DPAPI internals #1071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Apr 3, 2025
Merged

Improve various Windows LSA and DPAPI internals #1071

merged 11 commits into from
Apr 3, 2025

Conversation

@JSCU-CNI
Copy link
Contributor

@JSCU-CNI JSCU-CNI commented Mar 19, 2025

This PR improves several small Windows LSA and DPAPI internals in preparation for future PRs:

  1. More LSA DefaultPassword registry key variations are now parsed (both CurVal and OldVal)
  2. DPAPI decryption now allows passing abitrary kwargs to the DPAPIBlob decrypt function. This is useful when dealing with different DPAPI decryption schemes such as DPAPI-NG.

Schamper
Schamper requested changes Mar 21, 2025
View reviewed changes
@JSCU-CNI JSCU-CNI requested a review from Schamper March 24, 2025 11:38
Schamper
Schamper requested changes Apr 2, 2025
View reviewed changes
@JSCU-CNI JSCU-CNI mentioned this pull request Apr 2, 2025
Closed
@JSCU-CNI JSCU-CNI requested a review from Schamper April 2, 2025 12:03
Schamper
Schamper requested changes Apr 2, 2025
View reviewed changes
@JSCU-CNI JSCU-CNI requested a review from Schamper April 2, 2025 12:34
Schamper
Schamper previously approved these changes Apr 2, 2025
View reviewed changes
@codecov
Copy link

codecov bot commented Apr 2, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 82.60870% with 4 lines in your changes missing coverage. Please review.

Project coverage is 79.24%. Comparing base (f433f90) to head (46f6bc9).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...target/plugins/os/windows/dpapi/keyprovider/lsa.py 62.50% 3 Missing ⚠️
dissect/target/plugins/os/windows/dpapi/dpapi.py 83.33% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1071      +/-   ##
==========================================
- Coverage   79.27%   79.24%   -0.03%     
==========================================
  Files         345      345              
  Lines       30656    30661       +5     
==========================================
- Hits        24302    24297       -5     
- Misses       6354     6364      +10
Flag Coverage Δ
unittests 79.24% <82.60%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Schamper Schamper merged commit e58718e into fox-it:main Apr 3, 2025
19 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Schamper Schamper Schamper approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JSCU-CNI @Schamper