Extracting Roamed Private Keys from Active Directory

March 24, 2020 | Michael Grafnetter

One of the lesser-known features of Active Directory (AD) is called Credential Roaming. When enabled, it synchronizes DPAPI Master Keys, user certificates (including the corresponding private keys) and even saved passwords between computers. These credentials can easily be extracted from the Active Directory database. If you want to learn more about this topic, be sure to read my #CQLabs article.

