Yep. The general technique of scraping memory for private keys and certificates is pretty well-known and established. Particularly in forensics and malware circles.
I don't point it out to engage in the "who was first" thing. But to point out that this is very much an applied attack in the real world. Real attackers (includes "forensics analysts", in case you don't consider them "attackers" too) have been using this technique in malware as well as countermeasures/investigations for quite a while, now.
See: http://www.trapkit.de/research/sslkeyfinder/
https://github.com/emonti/yara-ruby/blob/master/samples/sslk...
http://volatility-labs.blogspot.com/2013/05/movp-ii-21-rsa-p...
EDIT: actually a much earlier discussion is from '98 by none other than Shamir
https://www.cs.jhu.edu/~astubble/600.412/s-c-papers/keys2.pd... [PDF]