LSASS DUMP
ProcDump - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Run procdump.exe with LOCAL ADMINISTRATOR PRIVILEGE to dump LSASS.exe process
After copying the lsass.dmp dump file to local machin, use Mimikatz's minidump to extract secrets
Last updated