Tag: pypykatz

NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs
NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List streams). NtOpenProcessToken and NtAdjustPrivilegeToken to get the “SeDebugPrivilege” privilege; RtlGetVersion to get the Operating System version details (Major version, minor version and build…

pypykatz: Mimikatz implementation in pure Python
pypykatz: Mimikatz implementation in pure Python. Why do I need these dump files? To create mimikatz in Python, one would have to create structure definitions of a gazillion different structures (check the original code) without the help of the built-in parser that you’d naturally get from using a native compiler. Now, the problem is that…