This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process.
Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process.
Simply execute the compiled file.
ReflectDump.exe Use Mimikatz or Pypykatz to parse the dump file offline.
sekurlsa::minidump [filename] sekurlsa::logonpasswords
pypykatz lsa minidump [filename]* Encrypt dump before writing on disk to bypass static detection.
* Exfiltrate on C2 Servergarak checks if an LLM can be made to fail in a way we don't…
Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…
ADCFFS is a PowerShell script that can be used to exploit the AD CS container…
Tartufo will, by default, scan the entire history of a git repository for any text…
Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…
A data hoarder’s dream come true: bundle any web page into a single HTML file.…