Dump LSASS Process Memory

Use a custom module to dump process memory from LSASS. This requires either Administrator or SYSTEM privileges, and Windows Defender Real Time Protection must be disabled. A new version of this module will use PssSnapShot to avoid dumping directly from LSASS. This is meant to be a demonstration of modular credential dumping. defender before using this TTP.

