Cunning with CNG: Soliciting Secrets from Schannel

Black Hat USA 2016

Presented by: Jake Kambic
Date: Thursday August 04, 2016
Time: 11:00 - 11:50
Location: South Seas IJ

Secure Channel (Schannel) is Microsoft's standard SSL/TLS library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third-party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including an RCE. What about the internals? How does Schannel guard its secrets?

This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the master keys, session keys, private and ephemeral keys, and session tickets used in TLS/SSL connections. It discusses the underlying data structures, and how to extract both the keys and other useful information that provides forensic context about the connection. This information is then leveraged to decrypt a session that uses ephemeral key exchanges. Information in the cache lives for at least 10 hours by default on modern configurations, storing up to 20,000 entries for client and server each. This makes it forensically relevant in cases where other evidence of the connection may have dissipated.

Jake Kambic

Jake Kambic is a DFIR researcher and network penetration tester.

