Sunday, May 22, 2022

nanodump – Dumping LSASS using syscalls


A Beacon Object File that creates a minidump of the LSASS process.


It uses syscalls (with SysWhispers2) for most operations

You can choose to download the dump without touching disk or write it to a file

The minidump by default has an invalid signature to avoid detection

It reduces the size of the dump by ignoring irrelevant DLLs. The (nano)dump tends to be around 10 MB in size

You don’t need to provide the PID of LSASS

No calls to dbghelp or any other library are made…
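Because the dump ships with an invalidated signature, a detection that only greps for the `MDMP` magic will miss it. The following heuristic, added here as an illustration and not part of nanodump or this post, classifies a file as a minidump from the shape of its `MINIDUMP_HEADER` and stream directory instead of the signature; which header bytes a given tool corrupts is an assumption not taken from the page, so the check deliberately ignores both the signature and version fields.

```python
"""Flag minidump-shaped files even when the 'MDMP' signature has been tampered.
Added example; relies only on the public MINIDUMP_HEADER / MINIDUMP_DIRECTORY
layouts from dbghelp.h, not on any tool-specific corruption pattern."""
import struct

MDMP_SIGNATURE = 0x504D444D              # 'MDMP' read as little-endian ULONG32
HEADER_FMT = "<IIIIIIQ"                  # Signature, Version, NumberOfStreams,
HEADER_LEN = struct.calcsize(HEADER_FMT) # StreamDirectoryRva, CheckSum, TimeDateStamp, Flags
DIR_FMT = "<III"                         # StreamType, Location.DataSize, Location.Rva
DIR_LEN = struct.calcsize(DIR_FMT)
# ThreadList(3) .. TokenStream(19): documented MINIDUMP_STREAM_TYPE values
KNOWN_STREAMS = set(range(3, 20))


def directory_is_plausible(data: bytes) -> bool:
    """True if the stream directory parses and every stream lies inside the file."""
    if len(data) < HEADER_LEN:
        return False
    _, _, nstreams, dir_rva, _, _, _ = struct.unpack_from(HEADER_FMT, data, 0)
    if nstreams == 0 or nstreams > 64 or dir_rva + nstreams * DIR_LEN > len(data):
        return False
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIR_FMT, data, dir_rva + i * DIR_LEN)
        if stype not in KNOWN_STREAMS or rva + size > len(data):
            return False
    return True


def classify(data: bytes) -> str:
    """Classify a blob: genuine minidump, minidump with a bad signature, or neither."""
    has_sig = len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == MDMP_SIGNATURE
    plausible = directory_is_plausible(data)
    if has_sig and plausible:
        return "minidump"
    if plausible:
        return "minidump (signature tampered)"
    return "not a minidump"


def build_sample(valid_signature: bool) -> bytes:
    """Constructed test input: header, two-entry directory (SystemInfo, ModuleList), 24 payload bytes."""
    dir_rva = HEADER_LEN
    payload_rva = dir_rva + 2 * DIR_LEN
    sig = MDMP_SIGNATURE if valid_signature else 0x41414141  # constructed bogus signature
    header = struct.pack(HEADER_FMT, sig, 0xA793, 2, dir_rva, 0, 0, 0)
    directory = struct.pack(DIR_FMT, 7, 16, payload_rva) + struct.pack(DIR_FMT, 4, 8, payload_rva + 16)
    return header + directory + b"\x00" * 24
```

Run `classify()` over files written to disk or recovered from network captures; a "signature tampered" verdict on a 10 MB file is worth an alert on its own.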
