Closed garanews closed 2 months ago
Sorry, I'm not really familiar with Volatility's memory dump format. I can look into this if you can provide me with a clear use case for why this would be important or useful.
Well, the goal would be to build a plugin that does what you do but directly from Volatility, but maybe that is not your business! :) You can see the current plugins here: https://github.com/volatilityfoundation/volatility3/tree/develop/volatility3/framework/plugins/windows

But I would start first with what you have already built, so using your cookiekatzminidump try to fetch cookies from the extracted executables present in memory dumps. More or less it is the same concept as for pypykatz:

standalone: https://github.com/skelsec/pypykatz
volatility plugin: https://github.com/skelsec/pypykatz-volatility3

If needed I can send you some msedge or chrome processes extracted with the Volatility framework from a Windows memory dump.
I believe that the minidump support will satisfy this need. Closing the ticket for now.