Another tool to perform minidump of LSASS process using few technics to avoid detection.
POSTDump is the C# / .NET implementation of the ReactOS minidump function (like nanodump), thus avoiding call to the Windows API MiniDumpWriteDump function.
The dump logic code is saved under the POSTMinidump
project, feel free to use it for your own projects. Such as NanoDump, you can encrypt or use an invalid signature for the minidump.
Usage of ProcExp driver is supported to dump/kill protected processes.
Dump LSASS:
c:\Temp>PostDump.exe --help
-o, --output Output filename [default: Machine_datetime.dmp] (fullpath handled)
-e, --encrypt Encrypt dump in-memory
-s, --signature Generate invalid Minidump signature
--snap Use snapshot technic
--fork Use fork technic [default]
--elevate-handle Open a handle to LSASS with low privileges and duplicate it to gain higher privileges
--duplicate-elevate Look for existing lsass handle to duplicate and elevate
--asr Attempt LSASS dump using ASR bypass (win10/11/2019) (no signature/no encrypt)
--driver Use Process Explorer driver to open lsass handle (bypass PPL) and dump lsass
--kill [processID] Use Process Explorer driver to kill process and exit
--help Display this help screen.
--version Display version information.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…