Lsass Shtinkering

New method of dumping LSASS by abusing the Windows Error Reporting service. It sends a message to the service with the ALPC protocol to report an exception on LSASS. This report will cause the service to dump the memory of LSASS.

Prerequisites

The registry value "DumpType" under "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" should be set to 2.

Credits

Asaf Gilboa

References

https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Asaf%20Gilboa%20-%20LSASS%20Shtinkering%20Abusing%20Windows%20Error%20Reporting%20to%20Dump%20LSASS.pdf

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
LSASS_Shtinkering		LSASS_Shtinkering
.gitignore		.gitignore
LSASS_Shtinkering.sln		LSASS_Shtinkering.sln
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Lsass Shtinkering

Prerequisites

Credits

References

About

Releases

Packages

Contributors 2

Languages

deepinstinct/Lsass-Shtinkering

Folders and files

Latest commit

History

Repository files navigation

Lsass Shtinkering

Prerequisites

Credits

References

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages