Skip to content

Inf0secRabbit/MiniDumpSnapshot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 

Repository files navigation

MiniDumpSnapshot

Usage: MiniDumpSnapShot.exe

Usage in Cobalt Strike Beacon: execute-assembly <path to the .Net executable>

Upon successful execution you can find the memory.dmp file in C:\Windows\Tasks

This program uses PSSCaptureSnapShot API to take the snapshot of the lsass process.

MiniDumpWriteDump will further use the handle returned by PSSCaptureSnapShot instead of LSASS process.

This project is the result of our research into some AV/EDR bypassing methods.

Credits

This was inspired by awesome work done in SharpSploit by @cobbr - https://github.com/cobbr/SharpSploit

There is also an BOF created for the same by @pwn1sher - https://github.com/pwn1sher/CS-BOFs

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages