NanoDump
A Beacon Object File that creates a minidump of the LSASS process.
Features
It uses syscalls (with SysWhispers2) for most operations
You can choose to download the dump without touching disk or write it to a file
The minidump by default has an invalid signature to avoid detection
It reduces the size of the dump by ignoring irrelevant DLLs. The (nano)dump tends to be arround 10 MB in size
You don’t need to provide the PID of LSASS
No calls to dbghelp or any other library are made…