gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

sekurlsa::minidump from nanodump output file #418

Closed yasminenicol closed 1 year ago

yasminenicol commented 1 year ago

I am using nanodump for dumping lsass.exe. Everything is OK, but when I get to mimikatz with the following command, I get an error:

mimikatz.exe "sekurlsa::minidump <path/to/dumpfile>" "sekurlsa::logonPasswords full" exit

mimikatz error: ERROR kuhl_m_sekurlsa_acquireLSA ; Memory opening

I use the "x64 nanodump ssp dll" and the AddSecurityPackage WinAPI for attaching to lsass.

When I was testing all the ways, I detected that the size of the dump file nanodump specified (default => report.docx) is different from the procmon.exe Full and Mini dump output.

My test:

procmon full = 71 MB, procmon mini = 1.6 MB

nanodump = 11 MB

yasminenicol commented 1 year ago

This was for the invalid file signature dumped by the nano ssp module. This problem was solved by this command: [nano git source]/scripts/restore_signature.exe
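
For triage on the defensive side: a process dump written with an invalid signature, as this thread describes, will not match a file-type check on the `MDMP` magic even when it sits on disk under a name like report.docx. The following is an added example, not code from the mimikatz or nanodump projects; it classifies a file by its minidump stream directory instead of the magic. The function names, the `MAX_STREAMS` bound and the sample bytes are assumptions constructed for illustration.

```python
import struct

MDMP_SIGNATURE = b"MDMP"      # MINIDUMP_HEADER.Signature
MDMP_VERSION_LOW = 0xA793     # low 16 bits of MINIDUMP_HEADER.Version
# Signature, Version, NumberOfStreams, StreamDirectoryRva, CheckSum, TimeDateStamp, Flags
HEADER_FMT = "<4sIIIIIQ"
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 32 bytes
DIR_ENTRY_FMT = "<III"        # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
DIR_ENTRY_SIZE = struct.calcsize(DIR_ENTRY_FMT)
SYSTEM_INFO, MEMORY_LIST, MEMORY64_LIST = 7, 5, 9   # MINIDUMP_STREAM_TYPE values
MAX_STREAMS = 64              # assumed sanity bound for this example


def classify_dump(data: bytes) -> str:
    """Return 'valid', 'mangled-header' or 'not-minidump' for a file's bytes."""
    if len(data) < HEADER_SIZE:
        return "not-minidump"
    sig, version, nstreams, dir_rva, *_ = struct.unpack_from(HEADER_FMT, data)
    if sig == MDMP_SIGNATURE and version & 0xFFFF == MDMP_VERSION_LOW:
        return "valid"
    # Magic is unusable, so judge the file by its stream directory instead.
    if not 0 < nstreams <= MAX_STREAMS or dir_rva < HEADER_SIZE:
        return "not-minidump"
    if dir_rva + nstreams * DIR_ENTRY_SIZE > len(data):
        return "not-minidump"
    seen = set()
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIR_ENTRY_FMT, data, dir_rva + i * DIR_ENTRY_SIZE)
        if rva + size > len(data):
            return "not-minidump"
        seen.add(stype)
    # A process dump carries system info plus at least one memory list stream.
    if SYSTEM_INFO in seen and seen & {MEMORY_LIST, MEMORY64_LIST}:
        return "mangled-header"
    return "not-minidump"


def build_sample(signature: bytes = MDMP_SIGNATURE, version: int = MDMP_VERSION_LOW) -> bytes:
    """Constructed sample: header, two directory entries, zero-filled stream bodies."""
    streams = [(SYSTEM_INFO, 56), (MEMORY64_LIST, 16)]
    body_off = HEADER_SIZE + DIR_ENTRY_SIZE * len(streams)
    directory, body = b"", b""
    for stype, size in streams:
        directory += struct.pack(DIR_ENTRY_FMT, stype, size, body_off + len(body))
        body += bytes(size)
    header = struct.pack(HEADER_FMT, signature, version, len(streams), HEADER_SIZE, 0, 0, 0)
    return header + directory + body
```

A `mangled-header` result on a multi-megabyte file with a document extension is worth correlating with process-access telemetry for lsass.exe around the file's creation time.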