add --duplicate-local technique · this allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later this way, we might bypass several detections

This page summarizes the projects mentioned and recommended in the original post on /r/blueteamsec
cna bof lsass cobalt-strike

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • nanodump

    The swiss army knife of LSASS dumping

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • nanodump: The swiss army knife of LSASS dumping now supports the PPLMedic exploit meaning you can dump LSASS on an up-to-date system with PPL enabled

    1 project | /r/blueteamsec | 30 Apr 2023

  • Ways to Dump LSASS

    1 project | /r/redteamsec | 20 Aug 2022

  • Alan c2 post-exploitation framework v5.0 - All you can in-memory edition

    2 projects | /r/redteamsec | 19 Dec 2021

  • GitHub - helpsystems/nanodump: Dumping LSASS has never been so stealthy

    1 project | /r/WindowsSecurity | 11 Nov 2021

  • ScreenshotBOF: An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.

    1 project | /r/blueteamsec | 23 Oct 2022