Detecting browser data theft using Windows Event Logs
Google Security
APRIL 30, 2024
Since 2013, Chromium has been applying the CRYPTPROTECT_AUDIT flag to DPAPI calls to request that an audit log be generated when decryption occurs, as well as tagging the data as being owned by the browser. Export the event logs to your backend system. Create detection logic to detect theft. 16385 events are described later.
Let's personalize your content