Nanodump, a flexible tool that creates a minidump of the LSASS process. Features It uses syscalls (with SysWhispers2) for most operations. Syscalls are called from an ntdll address to bypass some syscall detections. It sets the syscall callback hook to NULL. Windows APIs are called using dynamic invoke. You can choose to download the dump without touching disk …
Continue reading “Nanodump : A Crappy LSASS Dumper With No ASCII Art”