Monday, December 6, 2021

nanodump – Dumping LSASS using syscalls

NanoDump

A Beacon Object File that creates a minidump of the LSASS process.

Features

It uses syscalls (with SysWhispers2) for most operations

You can choose to download the dump without touching disk or write it to a file

The minidump by default has an invalid signature to avoid detection

It reduces the size of the dump by ignoring irrelevant DLLs. The (nano)dump tends to be around 10 MB in size

You don’t need to provide the PID of LSASS

No calls to dbghelp or any other library are made…

