TrickDump update - BOF File and C/C++ ports
Updating TrickDump and creating a BOF File.
Pentester | OSCE(3) CRTM CRTL GXPN GRTP
Updating NativeDump and creating a BOF File.
TrickDump allows dumping the lsass process without generating a Minidump file; instead it produces three JSON files and one zip file containing the dumps of the memory regions.
NativeDump allows dumping the lsass process using only NTAPIs. The original project is written in .NET and has been ported to Python and Golang, adding file exfiltration and three methods for ntdll overwrite (both optional).
Overwrite ntdll.dll’s “.text” section with a clean copy of the DLL, implemented in Golang.
Overwrite ntdll.dll’s “.text” section with a clean copy of the DLL, implemented in Python.
NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file that contains only the streams needed for parsing by tools like Mimikatz or Pypykatz (the SystemInfo, ModuleList and Memory64List streams).