Forwarded from APT
⚙️ MultiDump
This is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly. MultiDump supports LSASS dumps via ProcDump.exe or Comsvc.dll. It offers two modes: a local mode that encrypts and stores the dump file locally, and a remote mode that sends the dump to a handler for decryption and analysis.
🔗 https://github.com/Xre0uS/MultiDump
#lsass #remote #cpp #python
Forwarded from $ᴘ3ᴅʏʟ1👾
LSASS Memory Dumps are Stealthier than Ever Before
[+] MiniDumpWriteDump (Vitaminizing MiniDump)
[+] Comsvcs.dll
[+] Direct syscall [GitHub]
[+] Nano dump [info]
[+] Dump with trusted process
Look at all of them 1
Look at all of them 2
T1003.001 - OS Credential Dumping: LSASS Memory
Lsass for everyone [advanced]
WINDOWS SECRETS EXTRACTION: A SUMMARY by synacktiv
https://t.iss.one/Source_byte
#malware_dev #lsass
Dumping is implemented by interfacing with various external tools:
comsvcs
comsvcs_stealth
dllinject
procdump
procdump_embedded
dumpert
dumpertdll
ppldump
ppldump_embedded
mirrordump
mirrordump_embedded
wer
EDRSandBlast
nanodump
rdrleakdiag
silentprocessexit
sqldumper