spender-sandbox / cuckoomon-modified

Modified edition of cuckoomon
GNU General Public License v3.0

Dumping SSL/TLS master secrets #13

Closed jgajek closed 7 years ago

jgajek commented 8 years ago

Any interest in porting this feature over from the new Cuckoo 2.0 monitor? Based on a cursory review of the code, only two additional APIs in ncrypt.dll would need to be hooked: PRF and Ssl3GenerateKeyMaterial.

spender-sandbox commented 8 years ago

That's the simple part -- the part that will take more work is having a selective logger within lsass which can become a full cuckoomon if lsass is otherwise injected into during an analysis. Also need to merge in the rest of the infrastructure.

-Brad

jgajek commented 8 years ago

To simplify things, how about just having a checkbox on the Submit page to enable injection of the full cuckoomon into lsass.exe?

zashraf1337 commented 7 years ago

Which feature in Cuckoo 2.0 are you referring to? Thanks