ricardojoserf/NativeDump

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!!!)
NativeDump - "c-flavour" branch

This branch implements the same functionality as the main branch using C/C++:

  • Minidump file generation using only NTAPIs
  • Overwrite the ntdll.dll library (Optional)
  • XOR encoding (Optional)

Usage:

NativeDump.exe <OVERWRITE_TECHNIQUE> <FILENAME> <XOR_KEY>

[screenshot: c1]

You can use an argument to choose how the ntdll.dll library is overwritten:

  • "disk": Using a DLL already on disk. The default path is "C:\Windows\System32\ntdll.dll".
  • "knowndlls": Using the KnownDlls folder.
  • "debugproc": Using a process created in debug mode. The default process is "c:\windows\system32\calc.exe".

[screenshot: c2]

It is also possible to encode the file with a custom XOR key:

[screenshot: c3]

And then decode it using Decoder.exe on the attack machine:

Decoder.exe salaries.xlsx file.dmp NativeDump2024

[screenshot: c4]
