Closed by jgajek 7 years ago
That's the simple part -- the part that will take more work is having a selective logger within lsass which can become a full cuckoomon if lsass is otherwise injected into during an analysis. Also need to merge in the rest of the infrastructure.
-Brad
To simplify things, how about just having a checkbox on the Submit page to enable injection of the full cuckoomon into lsass.exe?
Which feature in Cuckoo 2.0 are you referring to? Thanks
Any interest in porting this feature over from the new Cuckoo 2.0 monitor? Based on a cursory review of the code, only two additional APIs in ncrypt.dll would need to be hooked: PRF and Ssl3GenerateKeyMaterial.