Skip to content

Encrypt and compress the MiniDump in memory before touching disk #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hfz1337 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Encrypt and compress the MiniDump in memory before touching disk #4

hfz1337 wants to merge 2 commits into from

Conversation

@hfz1337
Copy link

@hfz1337 hfz1337 commented Apr 15, 2025
edited
Loading

  • Added some refactoring.
  • Added a callback function for MiniDump in order to encrypt the dump in memory. This solves the issue where the dump is flagged as Trojan:Win32/LsassDump.A. With this approach we make sure that the real dump never touches the disk.
  • Added randomization to the filename.

The user will have to gunzip and decrypt the dump before it can be used (the current encryption scheme is a simple memfrob, but it can be customized by the user).

@hfz1337 hfz1337 marked this pull request as draft April 15, 2025 04:10
@hfz1337
feat: gzip(xor(dmp,42)) in memory before touching disk
f5e7cdc 
typo: match filename with the hint

fix: don't hardcode memory allocation

enhance: randomize filename

fix: ensure chunks are sorted by offset
@hfz1337 hfz1337 marked this pull request as ready for review April 15, 2025 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hfz1337