I added option –donotfullsearch in this new version of my tool to extract encryption keys from process memory dumps of beacons.
When this option is used, cs-extract-key.py will not fall back to a full search when string sha256\x00 is not found.
cs-extract-key_V0_0_4.zip (https)Click to Open Code Editor