A sophisticated, stealthy LSASS dumper written in C++ and MASM x64.
It evades detection through a range of techniques, such as:
- Manually implementing NTAPI operations through indirect system calls
- Breaking telemetry features (i.e. ETW)
- Polymorphism through compile-time hash generation
- Obfuscating API function names and pointers
- Duplicating existing LSASS handles instead of opening new ones
- Creating offline copies of the LSASS process to perform memory dumps on
- Corrupting the MDMP signature of dropped files
📌https://github.com/Meowmycks/LetMeowIn
We are on VK: https://vk.com/darkwebex
