Another tool to perform minidump of LSASS process using few technics to avoid detection.
POSTDump is the C# / .NET implementation of the ReactOS minidump function (like nanodump), thus avoiding call to the Windows API MiniDumpWriteDump function.
The dump logic code is saved under the POSTMinidump
project, feel free to use it for your own projects. Such as NanoDump, you can encrypt or use an invalid signature for the minidump.
Usage of ProcExp driver is supported to dump/kill protected processes.
Dump LSASS:
c:\Temp>PostDump.exe --help
-o, --output Output filename [default: Machine_datetime.dmp] (fullpath handled)
-e, --encrypt Encrypt dump in-memory
-s, --signature Generate invalid Minidump signature
--snap Use snapshot technic
--fork Use fork technic [default]
--elevate-handle Open a handle to LSASS with low privileges and duplicate it to gain higher privileges
--duplicate-elevate Look for existing lsass handle to duplicate and elevate
--asr Attempt LSASS dump using ASR bypass (win10/11/2019) (no signature/no encrypt)
--driver Use Process Explorer driver to open lsass handle (bypass PPL) and dump lsass
--kill [processID] Use Process Explorer driver to kill process and exit
--help Display this help screen.
--version Display version information.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…