
Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after all, KeeThief injects shellcode into a remote process in a classical oldie-goodie way, and in 2022, such actions have no chance to go unnoticed.
Read full article →