Ceri Coburn

Very cool. Thanks for that. Do we need to use the xor key to get the size? Can't we just query the base address to get the allocated memory size...

@d1nfinite NtQueryInformationMemory should give the allocated base + size of any address. It might overshoot the amount actually allocated off the heap but it should cover the block it was...

Do you have the malleable profile available, or any other details you could share?

Just -m on it's own with no args. It will monitor all processes found. If it's not being detected -m wont help you though. There is a bug in the...

Are you able to try with the latest commit?

> Is this going to be merged soon ? Sorry, I cannot merge this as it conflicts with an internal version we have of the same BOF but implemented differently.

Great stuff. I will leave it open for others to take advantage of the PR.

Yea, I'll be looking at doing both in time. Guess I'll have to come up with a different name though once dumping logins :)

All cookies shouldn't be too difficult, but that will only work with JSON output mode, not header mode

I've noticed this with loopback based NTLM auths. Doesn't seem to effect functionality.