
If it is TLS you can get the keys used in the session from lsass’ memory. I’ve even written a tool to do so in PowerShell https://gist.github.com/jborean93/6c1f1b3130f2675f1618da5663.... This will generate a log file that contains the keys needed for Wireshark to decrypt TLS traffic.


My claim is it's not standard TLS or there's an additional layer (external encryption key) because an actual decryption of telemetry traffic has never been demonstrated.



