Conversation

mr.d0x

@mrd0x

·

May 29

Reminder that creating a memory dump of Outlook.exe not only produces access tokens but also potentially sensitive email content.

23

278

1,280

Amias Channer @amias@toot.cat

@amias

·

May 30

Not a windows person but surely most people don't have coredumps enabled in windows, that sounds like an insider build option.

1

1

namazso

@namazso

·

May 30

with process r/w rights anyone can create dumps, just like how gdb can create coredumps regardless of settings

1

Dylan

@Skyoptika

·

Jun 3

In windows does that require elevation or just the same user?

1

namazso

@namazso

·

Jun 3

No elevation required

1

Dylan

@Skyoptika

·

Jun 3

Okay, so like Linux then. Is there a Windows equivalent to the “undumpable” prctl()? (this makes it so that a process’s memory becomes readable only be root and it can only be ptraced by root. A process does not need to be privileged to active this mode)

1

Dylan

@Skyoptika

·

Jun 3

* Oh, and dumps can only be triggered by root and are always written with root file permissions only.

1

namazso

@namazso

There isn't.

5:09 PM · Jun 3, 2023

·

52

Views

Dylan

@Skyoptika

·

Jun 3

Ouch. Well that sucks. RIP password managers on Windows. 🫣