Operator On The Wire

lsadump

Extracts LSA secrets from a Windows memory image.

Usage

  • Credential harvesting detection

Commands

# Dump LSA secrets (Volatility 2)
vol.py -f <mem> --profile=<profile> lsadump

# Dump LSA secrets (Volatility 3)
python3 vol.py -f <mem> windows.lsadump