Last September I wrote a post titled “Offensive Encrypted Data Storage” that detailed an approach to securely storing data on disk during offensive engagements. I recently revisited the idea a bit while once again thinking about disk artifacts, and remembered about DPAPI. The Windows Data Protection API (DPAPI) provides a simplified set of cryptographic functions that abstracts away concerns about deriving and storing keys, and removes the need to include additional libraries to use this functionality. DPAPI uses either the user’s current logon credential or the randomized machine account password (depending on the “scope” passed to the functions) to protect, by…
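As an added illustration (not code from the original post), here is a PowerShell round trip through the .NET ProtectedData wrapper over the DPAPI functions, showing the scope parameter and the optional entropy that binds a blob to one application; the function names and sample values are my own.

```powershell
# Added example, not from the original post. Uses the .NET wrapper around
# CryptProtectData/CryptUnprotectData; runs on PowerShell on Windows.
Add-Type -AssemblyName System.Security

function Protect-Blob {
    param(
        [Parameter(Mandatory)][byte[]]$Data,
        [byte[]]$Entropy = $null,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    # Scope selects which secret DPAPI derives the wrapping key from:
    # CurrentUser  -> the logged-on user's credential (other users cannot unprotect)
    # LocalMachine -> the machine secret, so any principal on this host can unprotect.
    [System.Security.Cryptography.ProtectedData]::Protect($Data, $Entropy, $Scope)
}

function Unprotect-Blob {
    param(
        [Parameter(Mandatory)][byte[]]$Blob,
        [byte[]]$Entropy = $null,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    [System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $Scope)
}

# Constructed sample input (hypothetical values).
$plain   = [Text.Encoding]::UTF8.GetBytes('constructed sample payload')
$entropy = [Text.Encoding]::UTF8.GetBytes('per-application secret')

$blob = Protect-Blob -Data $plain -Entropy $entropy
'Blob length: {0} bytes (DPAPI header + ciphertext)' -f $blob.Length

# Same user, same entropy: the round trip succeeds.
$back = Unprotect-Blob -Blob $blob -Entropy $entropy
'Round trip ok: {0}' -f ([Text.Encoding]::UTF8.GetString($back) -eq 'constructed sample payload')

# Same user, wrong entropy: DPAPI refuses. This is the check that matters when
# entropy is used to keep a LocalMachine-scope blob from being readable by
# every process on the host that can call CryptUnprotectData.
try {
    $wrong = [Text.Encoding]::UTF8.GetBytes('other secret')
    Unprotect-Blob -Blob $blob -Entropy $wrong | Out-Null
    'Unexpected: wrong entropy decrypted the blob'
} catch {
    'Wrong entropy rejected: {0}' -f $_.Exception.GetBaseException().Message
}
```

Pass `-Scope LocalMachine` to both functions to see the machine-scoped variant; the blob can then be unprotected from any account on the same host, which is why the entropy argument is the only per-application boundary in that scope.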