Skip to content

deepinstinct/LsassSilentProcessExit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
LsassSilentProcessExit
LsassSilentProcessExit
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
SilentProcessExit.sln
SilentProcessExit.sln
 
 

Repository files navigation

LsassSilentProcessExit

New method of causing WerFault.exe to dump lsass.exe process memory to disk for credentials extraction via silent process exit mechanism without crasing lsass.exe.

Usage:
LsassSilentProcessExit.exe <PID of LSASS.exe> <DumpMode>

Where DumpMode can be:

  0 - Call RtlSilentProcessExit on LSASS process handle
  1 - Call CreateRemoteThread on RtlSilentProcessExit on LSASS

About

Command line interface to dump LSASS memory to disk via SilentProcessExit

Resources

Readme
Activity
Custom properties

Stars

454 stars

Watchers

6 watching

Forks

63 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages