Closed darkoperator closed 3 years ago
+1
Maybe store the Keys as SecureString in the registry... so only the same user on the same machine can decrypt it: https://github.com/BornToBeRoot/PowerShell_ManagedCredential
If you want, I can do this.
Yep, sadly with many post-exploitation tools knowing this, they now decrypt on the host as the user and exfiltrate the unencrypted data (at least that is how I do it in some of my Metasploit post-modules). I prefer to use a password that I derive a key from for the storage; it also makes it portable across machines: https://github.com/darkoperator/Posh-VirusTotal/blob/master/Posh-VirusTotal.psm1#L21 I would not mind you contributing to it :) Want to define the requirements for it?
Series of functions for securely storing keys and credentials.
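
A sketch of the password-derived storage approach from the reply above, added here as an example; it is not code from this repository or from Posh-VirusTotal. The function names, the JSON file layout, the SHA-256 PBKDF2 setting and the iteration count are assumptions, and the four-argument `Rfc2898DeriveBytes` constructor needs PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added example: names, file layout and iteration count are assumptions.
function Get-DerivedKey {
    param(
        [Parameter(Mandatory)][securestring]$MasterPassword,
        [Parameter(Mandatory)][byte[]]$Salt,
        [int]$Iterations = 600000
    )
    # PBKDF2 takes the password as a string, so it is exposed briefly here.
    $plain = [System.Net.NetworkCredential]::new('', $MasterPassword).Password
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $plain, $Salt, $Iterations,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    $bytes = $kdf.GetBytes(32)   # 32 bytes = AES-256 key for the -Key parameter
    $kdf.Dispose()
    return ,$bytes
}

function Save-ProtectedKey {
    param(
        [Parameter(Mandatory)][securestring]$ApiKey,
        [Parameter(Mandatory)][securestring]$MasterPassword,
        [Parameter(Mandatory)][string]$Path
    )
    # Fresh random salt per file; it is stored next to the ciphertext.
    $salt = [byte[]]::new(16)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($salt); $rng.Dispose()
    $iterations = 600000
    $key = Get-DerivedKey -MasterPassword $MasterPassword -Salt $salt -Iterations $iterations
    [pscustomobject]@{
        Salt       = [Convert]::ToBase64String($salt)
        Iterations = $iterations
        Data       = ConvertFrom-SecureString -SecureString $ApiKey -Key $key
    } | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
    [Array]::Clear($key, 0, $key.Length)   # do not leave the key in memory
}

function Read-ProtectedKey {
    param(
        [Parameter(Mandatory)][securestring]$MasterPassword,
        [Parameter(Mandatory)][string]$Path
    )
    $blob = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $salt = [Convert]::FromBase64String($blob.Salt)
    $key  = Get-DerivedKey -MasterPassword $MasterPassword -Salt $salt -Iterations $blob.Iterations
    # With -Key the blob is not tied to the user profile or machine.
    $secure = ConvertTo-SecureString -String $blob.Data -Key $key
    [Array]::Clear($key, 0, $key.Length)
    return $secure
}
```

Unlike `ConvertFrom-SecureString` without `-Key`, which relies on the current user's DPAPI context, the file written here can only be opened by someone who supplies the master password, and it can be copied to another machine.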