Blog post: Spoofing Command Line Arguments to Dump LSASS in Rust
Dump LSASS by spoofing the command line arguments passed to procdump. Copies the LSASS dump file created by procdump as it is written and saves it to an RC4-encrypted file. Works on fully updated Windows 10 and Windows 11 as of December 2023. Undetected on Windows 10, but Defender will detect the procdump dump file on Windows 11. That's why it gets encrypted and written to a new file; the encrypted file does not get detected.
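From the defender's side, the point of the description above is that two of the usual signals are unreliable here: the process command line (spoofed, so a 4688 or Sysmon Event ID 1 record may show harmless arguments) and the dump file contents (copied out and RC4-encrypted before a scanner sees a second copy). What cannot be hidden is the handle procdump must open on lsass.exe with read access, and the minidump file it writes. The following is an added example, not code from the original post or its tool, that scores Sysmon-style events on those signals instead of on the command-line string. The event dicts, their field names (`EventID`, `Image`, `CommandLine`, `SourceImage`, `TargetImage`, `GrantedAccess`, `TargetFilename`, process ids) are assumed to follow Sysmon's schema, and the sample events are constructed.

```python
# Added detection example (not the tool's code). Flags LSASS dumping from
# Sysmon-style events without trusting the process command line.

PROCESS_VM_READ = 0x0010            # access right required to read LSASS memory
PROCESS_QUERY_INFORMATION = 0x0400  # commonly requested alongside it by dumpers

# Constructed sample events; field names assumed to follow Sysmon's schema.
SAMPLE_EVENTS = [
    # Event 1: process creation. The command line is read from the PEB, so a
    # spoofing launcher can make it look like a harmless notepad.exe dump.
    {"EventID": 1, "Image": r"C:\Tools\procdump64.exe",
     "CommandLine": "procdump64.exe -accepteula -ma notepad.exe", "ProcessId": 4242},
    # Event 10: process access. The access mask is what the kernel granted.
    {"EventID": 10, "SourceImage": r"C:\Tools\procdump64.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe",
     "GrantedAccess": "0x1FFFFF", "SourceProcessId": 4242},
    # Event 11: the minidump lands on disk regardless of what the command line said.
    {"EventID": 11, "Image": r"C:\Tools\procdump64.exe",
     "TargetFilename": r"C:\Users\Public\lsass.dmp", "ProcessId": 4242},
    # Benign: a system process opening LSASS with query-limited access only.
    {"EventID": 10, "SourceImage": r"C:\Windows\system32\svchost.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe",
     "GrantedAccess": "0x1000", "SourceProcessId": 900},
]


def _pid(ev):
    """Process id of the acting process for either event shape."""
    return ev.get("ProcessId") or ev.get("SourceProcessId")


def detect(events):
    """Return a list of (rule, pid) findings for the given events."""
    findings = []
    lsass_readers = set()   # pids that obtained a readable handle on lsass.exe
    dump_writers = set()    # pids that created a .dmp file

    for ev in events:
        pid = _pid(ev)
        if ev["EventID"] == 1:
            # Naive rule: only fires if the (spoofable) command line names LSASS.
            if "lsass" in ev.get("CommandLine", "").lower():
                findings.append(("cmdline_mentions_lsass", pid))
        elif ev["EventID"] == 10 and ev["TargetImage"].lower().endswith("\\lsass.exe"):
            mask = int(ev["GrantedAccess"], 16)
            # Reading LSASS memory needs PROCESS_VM_READ; query-only handles are routine.
            if mask & PROCESS_VM_READ:
                findings.append(("lsass_handle_with_vm_read", pid))
                lsass_readers.add(pid)
        elif ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(".dmp"):
            findings.append(("minidump_file_created", pid))
            dump_writers.add(pid)

    # Highest confidence: the same process read LSASS and then wrote a minidump.
    for pid in sorted(lsass_readers & dump_writers):
        findings.append(("lsass_read_then_dump_written", pid))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Run against the constructed events, the command-line rule never fires for the procdump process, while the handle-access and dump-file rules do, and the correlated rule ties them together; the svchost query-only handle stays quiet. Because the page's tool copies and encrypts the dump, a content scan of the second file is not a signal to rely on, whereas the Event ID 10 access to lsass.exe and the original procdump write happen before that copy exists.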