skelsec
Was this your card?
```
== LogonSession ==
authentication_id 322002 (4e9d2)
session_id 1
username magnify
domainname WIN11
logon_server WIN11
logon_time 2025-02-21T11:42:29.403870+00:00
sid S-1-5-21-800810350-130866625-3627431900-1004
luid 322002
== MSV ==
Username: magnify...
```
jokes aside, should there be some credentials in the wdigest package?
the more data the merrier. What happened is that MS modified the layout of `WLsaEnumerateLogonSession` so it's now not just a simple ptr retrieval to get to the start of...
@mgrottenthaler may I ask for another dump of the same machine but after restart?
pushed fix, now pypykatz should support win24h2
@M1ndo this is strange. The change required to parse your dump file is straightforward but what I don't know yet is how to check when the updated struct needs to...
> mainly a couple questions:
>
> 1. What tools do you use to find/get the information?
> 2. Are there any documents/books explaining how to do it? I read...
@powerdemon the correct logic to detect which template to use is not up to date, but can you please elaborate why would one use the `live` version? I literally made...
@jsdhasfedssad can you either share the dump file itself, or at least the msv dll timestamp?
> > [@M1ndo](https://github.com/M1ndo) this is strange. The change required to parse your dump file is straightforward but what I don't know yet is how to check when the updated struct...