DPAPI looting remotely and locally in Python
Dumping relevant information on compromised targets without AV detection
Hekatomb is a Python script that connects to an LDAP directory to retrieve information on all computers and users. It then downloads all DPAPI blobs of all users from all computers and uses the domain backup keys to decrypt them.
Brute-force a DPAPI-encrypted MasterKey file from Windows Credential Manager