.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process.
Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process.
Steps
- Getting the handle of Lsass.exe process
- Cloning Lsass.exe process using RtlCreateProcessReflection (Process Forking)
- Using MINIDUMP_CALLBACK_INFORMATION callbacks to create cloned process minidump
- Confirming the dump content and size.
- Terminating the cloned process.
Usage
Simply execute the compiled file.
ReflectDump.exe Offline Dumping
Use Mimikatz or Pypykatz to parse the dump file offline.
sekurlsa::minidump [filename] sekurlsa::logonpasswords
pypykatz lsa minidump [filename]Upcoming Features
* Encrypt dump before writing on disk to bypass static detection.
* Exfiltrate on C2 Server
.webp "SecureSphere Labs – A Haven For Cybersecurity Innovators And Ethical Hackers")
.webp "XC : A Comprehensive Guide To Netcat – Like Reverse Shell For Linux And Windows")
