finding credentials in .msi files with msiexec
Summary
The article reveals how a domain-join MSI contains plaintext credentials in a VBScript, and shows how an insider or attacker could extract them by unpacking the MSI. It documents a real-world discovery process and a responsible disclosure workflow with security teams, underscoring the need for secure packaging, access controls, and credential management in internal deployment tooling.