This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process.
Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process.
Simply execute the compiled file.
ReflectDump.exe Use Mimikatz or Pypykatz to parse the dump file offline.
sekurlsa::minidump [filename] sekurlsa::logonpasswords
pypykatz lsa minidump [filename]* Encrypt dump before writing on disk to bypass static detection.
* Exfiltrate on C2 ServerStarship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…
Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…
The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…
Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…
Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…
PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…