The Weekly Purple Team

6120 subscribers

2934 views ・ 138 likes ・ 2024/05/10

LSASS Dumping Using DFIR Tools

In today's video, I show a way to dump LSASS without dumping just the LSASS process. We are using DFIR tools to dump all of the memory, exfil the file created, and then dump the credentials of the box. This is a foolproof method and will get by almost every EDR solution. You will have to deal with a large file size, but in today's day and age, this isn't as big of a problem as it has been in the past.

WinPmem
github.com/Velocidex/WinPmem/releases

Volatility
github.com/volatilityfoundation/volatility3

Chapters
00:00 Introduction
00:28 Credential Guard
02:05 WinPmem
04:18 Dumping Memory
05:31 SIEM Rules for Detection of Memory Dumping
07:52 Dumping Creds with Volatility
10:36 Please Turn on Credential Guard! Do IT Now!
10:57 Outro
