In-memory secrets

Theory

Just like the LSASS process on Windows systems allowing for , some programs sometimes handle credentials in the memory allocated to their processes, sometimes allowing attackers to dump them.

Practice

Just like , this technique needs the attacker to have admin access on the target machine since it involves dumping and handling volatile memory.

On UNIX-like systems, tools like (C, Shell, Python), (Python) and (Python) can be used to extract passwords from memory.

mimipenguin
laZagne memory

Resources

PreviousWeb browsers NextKerberos key list

Last updated 1 year ago

Was this helpful?