
Dumps LSASS by unhooking MiniDumpWriteDump with a fresh copy of DbgHelp.dll read from disk, plus function and string obfuscation. It contains an anti-sandbox check; if you run it inside a slow virtual machine you need to uncomment the code related to that check and recompile.

Primary language: C

ActuallyDumpThatLSASS - Fixed and polished code so other researchers don't have to.

It is not fully undetectable and does not bypass all AV/EDR products; it also does not bypass RunAsPPL.

Dumps LSASS by unhooking MiniDumpWriteDump (and possibly other hooks) by reading copies of several libraries from disk and using them to overwrite the images loaded in memory, plus function and string obfuscation (this time actually done correctly) and duplication of an existing LSASS handle.

Execution may take some time because the anti-sandbox check enumerates all running processes.
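From the defender's side, the techniques listed above leave a characteristic trace: a non-system process obtaining a handle to lsass.exe with memory-read rights, and (because a fresh DbgHelp.dll read from disk is still DbgHelp.dll once mapped) dbghelp.dll or dbgcore.dll in the call stack of that access. The following is an added detection sketch, not code from this project. It assumes Sysmon Event ID 10 (ProcessAccess) records flattened into constructed "Key=Value;Key=Value" lines; the field names SourceImage, TargetImage, GrantedAccess and CallTrace are Sysmon's real field names, the sample records, paths and offsets are constructed, and the severity thresholds and allowlist are hypothetical heuristics to be tuned per environment.

```python
"""Added example: scoring Sysmon ProcessAccess (Event ID 10) records for
LSASS credential-dump behaviour. Not part of the ActuallyDumpThatLSASS
project; the log format and sample data below are constructed."""
from dataclasses import dataclass, field

# Access-right bits from the Win32 PROCESS_* constants.
PROCESS_VM_READ = 0x0010
PROCESS_DUP_HANDLE = 0x0040
PROCESS_ALL_ACCESS_MASK = 0x1FFFFF  # full-access mask frequently requested by dump tooling

# Modules that implement MiniDumpWriteDump. An unhooked copy loaded from disk
# still appears under this name in the call trace.
DUMP_MODULES = ("dbghelp.dll", "dbgcore.dll")

# Hypothetical allowlist of processes that legitimately access LSASS.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
}


@dataclass
class Finding:
    source: str
    target: str
    granted: int
    severity: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split a constructed 'Key=Value;Key=Value' record into a dict.
    ';' is used as the record separator because Sysmon's CallTrace
    field itself contains '|' between stack frames."""
    rec = {}
    for part in line.strip().split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            rec[key.strip()] = value.strip()
    return rec


def score_event(rec):
    """Return a Finding for a suspicious ProcessAccess record, else None."""
    if rec.get("EventID") != "10":
        return None
    source = rec.get("SourceImage", "").lower()
    target = rec.get("TargetImage", "").lower()
    if source in ALLOWLIST:
        return None
    granted = int(rec.get("GrantedAccess", "0"), 16)
    trace = rec.get("CallTrace", "").lower()
    reasons, severity = [], None
    if target.endswith(r"\lsass.exe"):
        if granted == PROCESS_ALL_ACCESS_MASK:
            reasons.append("full-access mask 0x1FFFFF on lsass.exe")
            severity = "medium"
        elif granted & PROCESS_VM_READ:
            reasons.append("PROCESS_VM_READ on lsass.exe")
            severity = "medium"
        # Minidump API in the stack turns a memory read into a dump attempt.
        if any(m in trace for m in DUMP_MODULES):
            reasons.append("dbghelp/dbgcore in call trace (MiniDumpWriteDump path)")
            severity = "high"
    elif granted & PROCESS_DUP_HANDLE:
        # Handle-duplication path: the tool opens a donor process with
        # PROCESS_DUP_HANDLE instead of lsass itself, so lsass never appears
        # as the target. Low severity on its own; needs correlation.
        reasons.append("PROCESS_DUP_HANDLE on a non-lsass process")
        severity = "low"
    if severity is None:
        return None
    return Finding(source, target, granted, severity, reasons)


def scan(lines):
    """Score every record and keep only the findings."""
    return [f for f in (score_event(parse_line(ln)) for ln in lines) if f]


# Constructed sample records (paths and stack offsets are made up).
SAMPLE_LOG = [
    r"EventID=10;SourceImage=C:\Users\bob\Desktop\dumper.exe;TargetImage=C:\Windows\System32\lsass.exe;"
    r"GrantedAccess=0x1FFFFF;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d0c4|C:\Windows\SYSTEM32\dbghelp.dll+7c5e1|C:\Users\bob\Desktop\dumper.exe+1a2b",
    r"EventID=10;SourceImage=C:\Windows\System32\csrss.exe;TargetImage=C:\Windows\System32\lsass.exe;"
    r"GrantedAccess=0x1FFFFF;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d0c4",
    r"EventID=10;SourceImage=C:\Windows\System32\taskmgr.exe;TargetImage=C:\Windows\System32\lsass.exe;"
    r"GrantedAccess=0x1000;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d0c4",
    r"EventID=10;SourceImage=C:\Temp\loader.exe;TargetImage=C:\Windows\System32\lsass.exe;"
    r"GrantedAccess=0x1010;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d0c4|C:\Temp\loader.exe+2f10",
    r"EventID=10;SourceImage=C:\Temp\tool.exe;TargetImage=C:\Windows\System32\svchost.exe;"
    r"GrantedAccess=0x40;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d0c4|C:\Temp\tool.exe+3c00",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.severity, f.source, "->", f.target, hex(f.granted), "; ".join(f.reasons))
```

The first record scores high (full access to lsass.exe with dbghelp.dll in the stack), the csrss.exe record is allowlisted, the 0x1000 (query-limited) record is ignored, the 0x1010 record scores medium on PROCESS_VM_READ alone, and the last one illustrates the caveat the handle-duplication feature implies: when an existing LSASS handle is duplicated, the ProcessAccess event names the donor process rather than lsass, so that rule is noisy by itself and should be correlated with process creation and file-write telemetry (the dump file) before alerting.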

MiniLSASS

DumpThatLsass