Lateral Movement
Same as in CRTP:
Extracting Credentials from LSASS
Using Lsass-Shtinkering:
Lsass_Shtinkering.exe
- It uses the Windows Error Reporting (WER) service to dump the LSASS process memory: it manually reports an exception on LSASS to WER, which generates the dump without crashing the process.
- It works on Windows 10 and Server 2022.
- During our testing we found that it doesn’t work on Server 2019.
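
A defender-side check for the behaviour described above, as an added example (not from the original notes or from the tool's author): it scans Sysmon-style events for an LSASS dump file written by WerFault.exe while LSASS itself never exited. The event dictionaries, paths and PIDs are constructed, and the `<image>.<pid>.dmp` file naming is an assumption about how WER names the dump.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Dump name pattern assumed for WER user-mode dumps: <image>.<pid>.dmp
LSASS_DUMP = re.compile(r"^lsass(?:\.exe)?(?:\.(\d+))?.*\.dmp$", re.I)

# Constructed sample events, Sysmon field names (11 = FileCreate, 5 = ProcessTerminate).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\WerFault.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\lsass.exe.664.dmp"},
    {"EventID": 11, "Image": r"C:\Windows\System32\WerFault.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\CrashDumps\notepad.exe.4312.dmp"},
    {"EventID": 5, "Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 4312},
]


def find_lsass_wer_dumps(events):
    """Return one finding per LSASS dump file seen in the event stream."""
    # PIDs of lsass.exe instances that actually exited (a real crash ends LSASS).
    dead = {e.get("ProcessId") for e in events
            if e.get("EventID") == 5
            and basename(e.get("Image", "")).lower() == "lsass.exe"}
    findings = []
    for e in events:
        if e.get("EventID") != 11:
            continue
        m = LSASS_DUMP.match(basename(e.get("TargetFilename", "")))
        if not m:
            continue
        pid = int(m.group(1)) if m.group(1) else None
        via_wer = basename(e.get("Image", "")).lower().startswith("werfault")
        # With no PID in the name, any LSASS exit counts as a possible crash.
        crashed = (pid in dead) if pid is not None else bool(dead)
        findings.append({
            "path": e["TargetFilename"],
            "writer": e.get("Image", ""),
            "pid": pid,
            "via_wer": via_wer,
            # A WER dump of an LSASS that never exited matches the notes above.
            "severity": "high" if via_wer and not crashed else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_lsass_wer_dumps(SAMPLE_EVENTS):
        print(f["severity"], f["pid"], f["path"])
```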