Dump LSASS Process Memory

/static/assets/windows-logo.svg
Use a custom module to dump process memory from LSASS. This requires either Administrator or SYSTEM privileges and Windows Defender Real Time Protection to be disabled. A new version of this module will use PssSnapShot to avoid dumping directly from LSASS. This is meant to be a demonstration of modular credential dumping. defender before using this TTP.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.0)