Releases · login-securite/lsassy

Features

Add --copy parameter to copy "cmd.exe" or "powershell.exe" to C:\Windows\Temp with a random name before using them for command execution
Add EDRSandBlast dump method from th3m4ks and Qazeer technique. It will upload their executable, and the vulnerable driver to remove EDR kernel callbacks, dump lsass, and restore EDR kernel callbacks.
Add nanodump method from s4ntiago_p
Add Rdrleakdiag technique technique from 0gtweet

Refactor dependencies to make it easier to create new dump modules based on compiled tools
Possibility to host tools on a SMB server and provide the share path to lsassy
Automatic listing of dump methods and execution methods in help
Update comsvcs_stealth technique using cyb3rops tweet info

New version of lsassy, with lots of new feature, based on some awesome work of awesome people <3

Complete rewrite of the tool
- Way more modular
- Easy way to add new dump method, exec method, output formats
Add new dump methods
- dumpertdll (https://github.com/outflanknl/Dumpert)
- comsvcs_stealth
- procdump_embedded
- dllinject (advanced)
- ppldump (https://github.com/itm4n/PPLdump)
- ppldump_embedded (https://github.com/itm4n/PPLdump)
- wer (https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Out-Minidump.ps1)
Add execution methods
- SMB service creation (https://github.com/SecureAuthCorp/impacket)
- SMB service modification (https://raw.githubusercontent.com/Mr-Un1k0d3r/SCShell/master/scshell.py)
- MMC (https://github.com/byt3bl33d3r/CrackMapExec/blob/master/cme/protocols/smb/mmcexec.py)
Add "parse-only" feature to parse remote existing dump
Rewrote multithread logic
Random dump extension by default
Add binary compilation code