add –duplicate-local technique · this allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later this way, we might bypass several detections


