Skip to content

Command line interface to dump LSASS memory to disk via SilentProcessExit

Notifications You must be signed in to change notification settings

UBFI/LsassSilentProcessExit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 

Repository files navigation

LsassSilentProcessExit

New method of causing WerFault.exe to dump lsass.exe process memory to disk for credentials extraction via silent process exit mechanism without crasing lsass.exe.

Usage:
LsassSilentProcessExit.exe <PID of LSASS.exe> <DumpMode>

Where DumpMode can be:

  0 - Call RtlSilentProcessExit on LSASS process handle
  1 - Call CreateRemoteThread on RtlSilentProcessExit on LSASS

About

Command line interface to dump LSASS memory to disk via SilentProcessExit

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%