Operator On The Wire

hashdump

Extracts SAM hashes

Usage

  • Unauthorized dumping
  • Dump artifacts in memory

Commands:

# Dump local SAM hashes (Volatility 2)
vol.py -f <mem> --profile=<profile> hashdump

# Dump local SAM hashes (Volatility 3)
python3 vol.py -f <mem> windows.hashdump
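
The output of either command can be triaged for account-hygiene findings (blank passwords, stored LM hashes, identical NT hashes). The script below is an added example, not part of the original page or of Volatility; the function names and the sample data are constructed. It assumes Volatility 2's pwdump-style lines (`user:rid:lm:nt:::`) and Volatility 3's table columns (User, rid, lmhash, nthash).

```python
import re
from collections import defaultdict

# Hashes of the empty string: "no LM hash stored" and "blank password".
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = r"[0-9a-fA-F]{32}"
# Volatility 2 prints pwdump lines: user:rid:lm:nt:::
V2 = re.compile(rf"^([^:]+):(\d+):({HEX32}):({HEX32}):::\s*$")
# Volatility 3 prints a table with columns: User, rid, lmhash, nthash
V3 = re.compile(rf"^(.+?)\s+(\d+)\s+({HEX32})\s+({HEX32})\s*$")

def parse_hashdump(text):
    """Return [(user, rid, lm, nt)] from either format; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = V2.match(line) or V3.match(line)
        if m:
            user, rid, lm, nt = m.groups()
            rows.append((user.strip(), int(rid), lm.lower(), nt.lower()))
    return rows

def triage(rows):
    """Return [(user, finding)] for hygiene issues visible in the dump."""
    findings, by_nt = [], defaultdict(list)
    for user, _rid, lm, nt in rows:
        if nt == EMPTY_NT:
            findings.append((user, "blank password"))
        else:
            by_nt[nt].append(user)
        if lm != EMPTY_LM:
            findings.append((user, "LM hash stored"))
    # NT hashes are unsalted, so equal hashes mean equal passwords.
    for users in by_nt.values():
        if len(users) > 1:
            findings += [(u, "password shared with " +
                          ", ".join(o for o in users if o != u)) for u in users]
    return findings

# Constructed sample output (fake hash values), Volatility 2 lines then a Volatility 3 table.
SAMPLE = (
    "Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::\n"
    "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\n"
    "User\trid\tlmhash\tnthash\n"
    "svc_backup\t1001\taad3b435b51404eeaad3b435b51404ee\t0123456789abcdef0123456789abcdef\n"
    "legacy\t1002\tfedcba9876543210fedcba9876543210\t89abcdef0123456789abcdef01234567\n"
)

if __name__ == "__main__":
    for user, finding in triage(parse_hashdump(SAMPLE)):
        print(f"{user}: {finding}")
```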