Another tool to perform minidump of LSASS process using few technics to avoid detection.
POSTDump is the C# / .NET implementation of the ReactOS minidump function (like nanodump), thus avoiding call to the Windows API MiniDumpWriteDump function.
The dump logic code is saved under the POSTMinidump
project, feel free to use it for your own projects. Such as NanoDump, you can encrypt or use an invalid signature for the minidump.
Usage of ProcExp driver is supported to dump/kill protected processes.
Dump LSASS:
c:\Temp>PostDump.exe --help
-o, --output Output filename [default: Machine_datetime.dmp] (fullpath handled)
-e, --encrypt Encrypt dump in-memory
-s, --signature Generate invalid Minidump signature
--snap Use snapshot technic
--fork Use fork technic [default]
--elevate-handle Open a handle to LSASS with low privileges and duplicate it to gain higher privileges
--duplicate-elevate Look for existing lsass handle to duplicate and elevate
--asr Attempt LSASS dump using ASR bypass (win10/11/2019) (no signature/no encrypt)
--driver Use Process Explorer driver to open lsass handle (bypass PPL) and dump lsass
--kill [processID] Use Process Explorer driver to kill process and exit
--help Display this help screen.
--version Display version information.
OSINT tool to scrape names and usernames from large friend lists on Facebook, without being…
Telepathy has been described as the "swiss army knife of Telegram tools," allowing OSINT analysts,…
Blackbird is a robust OSINT tool that facilitates rapid searches for user accounts by username…
This is example of scraping public LegiFrance registry's naturalisation decrees for research purposes only (naturalisation…
Sabonis provides a way of quickly parsing EVTX, proxy and PCAP files and extracting just…
AutoExif is a powerful Bash script designed to streamline the process of editing image metadata…