https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_susp_dpapi_backup_and_cert_export_ioc/
DPAPI Backup Keys And Certificate Export Activity IOC | Detection.FYI
Detects file names with specific patterns seen generated and used by tools such as Mimikatz and DSInternals related to exported or stolen DPAPI backup keys and...
ioc detectiondpapibackupkeyscertificate
https://elie.net/talk/reversing-dpapi-and-stealing-windows-secrets-offline
Reversing dpapi and stealing windows secrets offline | Black Hat DC talk
We show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any...
windows secretsblack hatreversingdpapi