How to Dump LSASS.exe Process Memory with Nanodump BOF - Windows Defender Bypass скачать в хорошем качестве

How to Dump LSASS.exe Process Memory with Nanodump BOF - Windows Defender Bypass

Be better than yesterday - In this video, we explore the importance of dumping the LSASS.exe process memory for credentials harvesting. The video provides an introduction to LSASS.exe process memory dumping in order to understand why this technique is critical and essential for an adversary when it comes to the cyber kill chain - lateral movement life cycle. The video then provides some examples on how we can dump the LSASS.exe process memory, which all of the techniques were detected and prevented by Microsoft Windows Defender. Following which, a short introduction on Beacon Object Files (BOF) was provided and a practical hands-on demonstration was shown on how to utilise a publicly available BOF loader tool, COFFLoader.exe by TrustedSec, in order to execute the Nanodump BOF (.o) file. Ultimately, it was possible to successfully dump the LSASS.exe process memory, bypassing the latest Windows Defender running on a Windows 11 fully updated machine. Stay connected: Twitter:   / gemini_security   Udemy: https://www.udemy.com/user/gemini-88/ Github: https://github.com/gemini-security Discord:   / discord   References used: BOF Introduction by Authors of Cobalt Strike: https://hstechdocs.helpsystems.com/ma... MITRE ATTACK on LSASS Dumping: https://attack.mitre.org/techniques/T... TrustedSec's Articles on BOF: https://www.trustedsec.com/blog/coffl... https://www.trustedsec.com/blog/opera... COFFLoader and Nanodump: https://github.com/trustedsec/COFFLoader https://github.com/fortra/nanodump Gemini Security Awesome Hacking T-Shirts - Support the channel: https://www.redbubble.com/people/Gemi...