Decrypt LSA Secrets with Powershell offline

I wrote this last week and found it useful to recover data offline from the LSA store. Make sure to replace the key, secret, and IV into the code in the same format and it should decrypt for you.

I’ve been working on throwing together other code to mash it into one, I cant take all the credit for below.

Leave a comment

Your email address will not be published. Required fields are marked *