CYBER MONGOL
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
Search by typing & pressing enter

YOUR CART

2/24/2021

Dump Lsass with SharpMiniDump NTFS transactions + UAC bypass + Exfil .dmp file to Dropbox

Dump Lsass with SharpMiniDump NTFS transactions + UAC bypass + Exfil .dmp file to Dropbox. Overall, MDE BlockMode did a good job articulating this vector in the device timeline. Utilizing SharpMiniDump NTFS transactions (a fork of b4rtik/SharpMiniDump) to avoid writing the dump file to disk and exfiltrating it out to an awaiting Dropbox, made a big difference in avoiding being blocked from executing. The UAC bypass (Medium.exe) executes enough to drop into high-integrity and fire SharpMiniDump (SMD.exe). It took forever to upload the .dmp file to Dropbox - which eventually lost out to my patience (killed process before .dmp file finished). With some work, this may be a good vector.

Lsass Dumper: https://lnkd.in/eD3m2gu

UAC Bypass: https://lnkd.in/dwXdNiE


#cyberthreatintelligence #infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

Comments are closed.

    Archives

    December 2021
    November 2021
    October 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    September 2020
    August 2020
    July 2020

    Categories

    All

    RSS Feed

contact us:
© COPYRIGHT 2015. ALL RIGHTS RESERVED.