## Research Questions
In this assignment you will research and experiment with the following:
- How does the DPAPI work in respect to functions and encryption keys (now and in earlier Windows versions)?
- Which programs use DPAPI?
- Edge/IE/Chrome/Firefox/TorBrowser, KeePass, Dropbox, Thunderbird, Skype, OpenVPN, Windows Hello, VMware Workstation, iCloud for Windows?
- For what do the different applications use it?
- Chat, passwords, configuration, API keys?
- Is it possible to create a generic approach for decrypting all identified secrets?
- Can earlier Windows logon passwords be identified by cracking SHA1 hashes in *%APPDATA%\Microsoft\Protect\CREDHIST*?
- Evaluate how your final, generic, and pluggable framework compares to the existing tooling
## Suggestion for second semester essay
- Describe the DPAPI functions
- Explain and demonstrate how the application specific secrets are maintained (encrypted and decrypted) with the RSA master keys
- Experiment with existing tooling, such as *pypykatz dpapi + prekey/masterkey*, *dpapick*, *dondapi*, and *CredHistView by NirSoft*, and document benefits, drawbacks, and missing features
## Sources
- https://learn.microsoft.com/en-us/previous-versions/ms995355(v%3Dmsdn.10)
- https://dl.acm.org/doi/10.5555/1925004.1925006