NtDump icon indicating copy to clipboard operation
NtDump copied to clipboard

verified publisher icon florylsk

Metadata

Indirect NT syscalls LSASS dumper.

NtDump

Description

LSASS process dumper with (mostly) NT API indirect syscalls. Currently undetected under many AV/EDR solutions.

Usage

.\NtDump.exe (Get-Process lsass).Id path_to_dump

Credits

https://github.com/Dec0ne/HWSyscalls/

Metadata

25
Stars
3
Forks
Watchers

Owner

verified publisher icon florylsk

Metadata

Indirect NT syscalls LSASS dumper.

Back