Juno pulse secure client

broken image

I then disassembled the main binary (*./JamUI/Pulse.exe*) with Radare2 and discovered that the client indeed rely on **Windows Data Protection API** (DPAPI) to encrypt credentials. I used procmon to get stack traces prior to calls to *RegSetValueEXW* and discovered that *CryptProtectData* is called just before saving data in the registry. No one ever answered that email since 2014, so it's time to dig into the code ! Static Analysis

broken image

The only reference to this format I could find is a request on 'John the Ripper' mailing-list asking if anyone looked into this before:

broken image

 

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save