Offline Extraction of Symantec Account Connectivity Credentials (ACCs) | itm4n’s blog

Offline extraction of Symantec Account Connectivity Credentials (ACCs) is possible by leveraging the AgentStorage class in Symantec.Deployment.PSComponent.dll. This class provides wrappers for unmanaged APIs in AeXAgentExt.dll, allowing access to the “Agent Secure Storage” and retrieval of encrypted data, including ACCs. The ReadItem method is used to retrieve the cleartext data, which is then copied to a managed byte array and freed using the fnFreeMemory function.