LSASS Dumping Using DFIR Tools
Автор: The Weekly Purple Team
Загружено: 2024-05-10
Просмотров: 3503
Описание:
In today's video, I show a way to dump LSASS without dumping just the LSASS process. We are using DFIR tools to dump all of the memory, exfil the file created, and then dump the credentials of the box. This is a foolproof method and will get by almost every EDR solution. You will have to deal with a large file size, but in today's day and age, this isn't as big of a problem as it has been in the past.
WinPmem
https://github.com/Velocidex/WinPmem/...
Volatility
https://github.com/volatilityfoundati...
Chapters
00:00 Introduction
00:28 Credential Guard
02:05 WinPmem
04:18 Dumping Memory
05:31 SIEM Rules for Detection of Memory Dumping
07:52 Dumping Creds with Volatility
10:36 Please Turn on Credential Guard! Do IT Now!
10:57 Outro
Повторяем попытку...
Доступные форматы для скачивания:
Скачать видео
-
Информация по загрузке:
