Defeating password safes

Presented at ToorCon San Diego 14 (2012), Oct. 21, 2012, 11:30 a.m. (20 minutes).

I'd like to demonstrate the weaknesses in password safe programs like Keepass and Gorilla as well as anti-AV detection to evade notice.

I'll show off how a non admin program run silently in the background can snarf  users and passwords from password safe programs without getting the users attention or needing SYSTEM privs. I'll include code to do so as well as explain how the code works, then try and explain how my hijack could be prevented.

Presenters:

• Joseph Giron
  Joseph Giron is 26 year old Systems administrator born and raised in Phoenix AZ. Has been in the security / hacker scene since 2003. Admin by day, independent security research by night. Link to blog of goodies: gironsec.com

Similar Presentations:

• AppSec USA 2014 / Your Password Complexity Requirements are Worthless
• HOPE 2020 Virtual Rescheduled / Password Superpowers: How to Crack Hashes and Stump Hackers
• CackalackyCon 2 (2023) / Password Attacks 101: Exploiting Human Weaknesses