HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of cloned handles to Lsass in order to create an obfuscated memory dump of the same. It compiles down to an executable living fully in its text segment. Thus, the extracted .text segment of the PE file is fully position independent code (=PIC), …
Continue reading “HandleKatz : PIC Lsass Dumper Using Cloned Handles”