Comments on Carnal0wnage Blog: Mimikatz Against Virtual Machine Memory Part 2

lcantoni (2014-07-02):
You may find it useful to know that there is also a custom Volatility plugin that promises to dump the passwords directly from the RAM dump, without the need to open the image with WinDbg:

http://blog.digital-forensics.it/2014/03/et-voila-le-mimikatz-offline.html

https://code.google.com/p/hotoloti/

I haven't tested it, but from the source it appears to support Windows 7 and Vista only, both 32- and 64-bit.

CG (2014-06-23):
@anonymous I don't know on that one. Sorry.

Anonymous (2014-06-23):
Very practical research! Can you apply your approach to an Inception FireWire raw memory dump file, in your opinion? I have a 4GB memdump file acquired via FireWire from a customer laptop, but get the following error message if I try to bin2dmp it:
"Initializing memory descriptors... Done.
Looking for kernel variables... Failed.
Cannot open file. Please check if the file is not being used."

Thanks in advance, and thanks for all your great input in the last couple of years!

CG (2014-06-13):
From Benjamin:
http://blog.gentilkiwi.com/retro-ingenierie/symboles-microsoft-windbg-ida-process-explorer-monitor
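The FireWire question above ends with bin2dmp reporting "Looking for kernel variables... Failed" on a raw dump. The thread does not say which structures bin2dmp searches for, but one quick check a practitioner can run before blaming the tool or the image is whether the raw dump contains a Windows kernel debugger data block (KDBG) at all: its header, _DBGKD_DEBUG_DATA_HEADER64 from wdbgexts.h, is a 16-byte LIST_ENTRY64 followed by the 4-byte OwnerTag "KDBG" and a 4-byte Size. A FireWire acquisition that could not read the pages holding the kernel's data section produces an image in which no valid KDBG is found, and no raw-to-crashdump converter will be able to locate kernel variables in it. The scanner below is an added example written for this page, not code from the blog, from bin2dmp or from Volatility; the plausible-Size window, the sample image and the 0x340 size value are constructed assumptions for illustration.

```python
import os
import struct
import tempfile

# Layout of _DBGKD_DEBUG_DATA_HEADER64 (wdbgexts.h):
#   0x00 LIST_ENTRY64 List   (Flink, Blink: 8 bytes each)
#   0x10 ULONG       OwnerTag  == b"KDBG"
#   0x14 ULONG       Size      (size of the whole _KDDEBUGGER_DATA64)
KDBG_TAG = b"KDBG"
TAG_OFFSET = 0x10
SIZE_OFFSET = 0x14
HEADER_LEN = 0x18
# Assumption: real KDBG sizes are a few hundred bytes; anything outside this
# window is treated as a stray "KDBG" string rather than a debugger block.
PLAUSIBLE_SIZES = range(0x200, 0x800)


def scan_kdbg(image: bytes) -> list:
    """Return [(header_offset, size), ...] for every plausible KDBG header in a buffer."""
    hits = []
    pos = image.find(KDBG_TAG)
    while pos != -1:
        hdr = pos - TAG_OFFSET
        if hdr >= 0 and hdr + HEADER_LEN <= len(image):
            (size,) = struct.unpack_from("<I", image, hdr + SIZE_OFFSET)
            if size in PLAUSIBLE_SIZES:
                hits.append((hdr, size))
        pos = image.find(KDBG_TAG, pos + 1)
    return hits


def scan_file(path: str, chunk_size: int = 64 << 20) -> list:
    """Stream a raw memory image through scan_kdbg without loading it all into RAM.

    Chunks overlap by one header length so a header straddling a boundary is
    still seen once; duplicates from the overlap are dropped.
    """
    found = []
    carry = b""
    base = 0  # file offset of the chunk currently being read
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk_size)
            if not data:
                break
            buf = carry + data
            for hdr, size in scan_kdbg(buf):
                off = base - len(carry) + hdr
                if off not in (h for h, _ in found):
                    found.append((off, size))
            carry = buf[-HEADER_LEN:]
            base += len(data)
    return found


def build_sample_image() -> bytes:
    """Constructed stand-in for a raw dump (not real memory): one genuine-looking
    header placed so it straddles a 0x1800 chunk boundary, plus a decoy string."""
    img = bytearray(0x3000)
    # Assumed values: kernel-space-looking list pointers and a Size of 0x340.
    struct.pack_into("<QQ4sI", img, 0x17F8,
                     0xFFFFF80002A5B000, 0xFFFFF80002A5B000, KDBG_TAG, 0x340)
    # Decoy: the bytes "KDBG" inside other data with an implausible Size field.
    img[0x2200:0x2200 + HEADER_LEN] = b"ABCD" * 4 + KDBG_TAG + b"\xff\xff\xff\xff"
    return bytes(img)


def demo() -> list:
    """Write the sample image to a temp file and scan it with a small chunk size."""
    fd, path = tempfile.mkstemp(suffix=".raw")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(build_sample_image())
        return scan_file(path, chunk_size=0x1800)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_file(target) if target else demo()
    if not hits:
        print("no plausible KDBG header found: the image has no usable kernel debugger block")
    for off, size in hits:
        print(f"KDBG header at physical offset 0x{off:X}, Size 0x{size:X}")
```

Run it against the 4GB FireWire image (`python kdbgscan.py memdump.raw`). If it prints nothing, the acquisition did not capture the kernel's debugger block, which is consistent with the bin2dmp failure; if it does find one, the block is present and the problem lies elsewhere (for example in how the tool interprets the image's physical layout). Note that IEEE 1394 DMA can only address the first 4GB of physical memory, so on a machine with more RAM the image is necessarily incomplete regardless of what the scanner reports.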