Decrypt LSA Secrets with Powershell offline

I wrote this last week and found it useful to recover data offline from the LSA store. Make sure to put your key, secret, and IV into the code in the same format, and it should decrypt for you.

I’ve been working on throwing together other code to mash it into one, I can’t …

Decryption LSA Secrets Offline with C++

So yesterday I took a few hours to throw together this snippet after reviewing the Mimikatz source code. This code takes a blob that is in DPAPI format (straight from the registry) and decodes it with the key given. This key is your SysKey/BootKey.