You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's Fully Undetectable and bypass almost all the vendors AV/EDRs, it doesn't bypass RunAsPPL
Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation, duplicate lsass handle from existed processes.
The execution may take time, bcz of sandboxing check
NOTICE
it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to Anti-Debuging and Anti-Sandboxing at the beginning of the main and recompile.
About
Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile.
