{"id":21400578,"url":"https://github.com/cybersecurityup/lsassdumpsyscall","last_synced_at":"2026-02-28T22:31:54.076Z","repository":{"id":249580931,"uuid":"831908408","full_name":"CyberSecurityUP/LsassDumpSyscall","owner":"CyberSecurityUP","description":"Lsass Dump using MiniDump Method and Direct Syscall Technique","archived":false,"fork":false,"pushed_at":"2024-07-22T03:01:46.000Z","size":729,"stargazers_count":4,"open_issues_count":1,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-03T19:35:20.603Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberSecurityUP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-22T00:40:04.000Z","updated_at":"2025-08-31T13:22:02.000Z","dependencies_parsed_at":"2024-07-27T03:32:25.765Z","dependency_job_id":null,"html_url":"https://github.com/CyberSecurityUP/LsassDumpSyscall","commit_stats":null,"previous_names":["cybersecurityup/lsassdumpsyscall"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberSecurityUP/LsassDumpSyscall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FLsassDumpSyscall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FLsassDumpSyscall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FLsassDumpSyscall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FLsassDumpSyscall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberSecurityUP","download_url":"https://codeload.github.com/CyberSecurityUP/LsassDumpSyscall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FLsassDumpSyscall/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29953287,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T18:42:55.706Z","status":"ssl_error","status_checked_at":"2026-02-28T18:42:48.811Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T15:23:05.589Z","updated_at":"2026-02-28T22:31:54.044Z","avatar_url":"https://github.com/CyberSecurityUP.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LsassDumpSyscall\n\n## Overview\nLsassDumpSyscall is a specialized utility designed to securely dump the memory contents of the `lsass.exe` process, which is crucial for managing security policies and storing security information on Windows operating systems. The primary objective of this tool is to facilitate security research and testing by enabling the analysis of `lsass.exe` without leveraging high-profile tools like Mimikatz that are commonly detected by antivirus software.\n\n- **Direct System Calls**: The tool bypasses the Windows API layer by utilizing direct system calls to interact with the operating system. This method minimizes the tool's footprint and avoids common API hooking techniques used by malware detection systems.\n- **Elevated Privilege Checks**: It ensures that it is run with elevated privileges (administrator rights), which are necessary for accessing `lsass.exe` memory.\n- **Debug Privilege Enabling**: The utility attempts to enable debug privileges for the process to ensure it can access sensitive processes like `lsass.exe`.\n- **Memory Dumping**: Utilizes the `MiniDumpWriteDump` function to create a complete memory dump of `lsass.exe`, which can be useful for forensic analysis and security research.\n\n## System Requirements\n- Windows operating system with administrative privileges.\n- Proper configuration to allow for direct system calls (may require adjustments on different versions of Windows).\n\nUse this table for Syscall Numbers (https://j00ru.vexillium.org/syscalls/nt/64/)\n\n## References\n\nhttps://github.com/Offensive-Panda/D3MPSEC/tree/main\n\nhttps://github.com/outflanknl/Dumpert\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Flsassdumpsyscall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurityup%2Flsassdumpsyscall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Flsassdumpsyscall/lists"}