NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken...
