Operator On The Wire
BLUE TEAM / DFI / MEMORY / DUMP / VOLATILITY / Handles & Tokens

handles

Walks the handle table of every process in the memory image and lists each open handle with its owning PID, handle value, granted access mask, object type and object name (the Details column).

Usage

  • Suspicious handles to LSASS (Process handles to lsass.exe held by processes with no reason to open it)
  • Token duplication (Token handles held by a process other than the token's owner)
  • Elevated handle access (cross-process handles whose access mask grants far more than the holder needs)

Commands

# List all handles
vol.py -f <mem> --profile=<profile> handles

# Filter handles by PID and type
vol.py -f <mem> --profile=<profile> handles -p <PID> -t <Type>
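Added example, not code from this knowledge base page or from the Volatility project: a small Python triage script that parses the plain-text table the commands above print (Offset, Pid, Handle, Access, Type, Details) and applies the three use cases listed under Usage. The sample table is constructed for this example and does not come from a real dump; the trusted-PID allowlist (System only) is an assumption that in a real case would come from the pslist/pstree baseline of the same image. The access-mask constants are the standard Windows values from winnt.h.

```python
"""Triage Volatility 2 `handles` output for LSASS access, token duplication
and over-privileged cross-process handles. Example code, not Volatility's."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Access-mask bits (Windows SDK, winnt.h).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_ALL_ACCESS = 0x1FFFFF      # value on Windows Vista and later
TOKEN_DUPLICATE = 0x0002
# Rights a holder needs to write into and start code in another process.
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumption for this example: PIDs whose LSASS/token handles are expected.
TRUSTED_PIDS = {4}  # System

# Constructed sample in the layout of `vol.py ... handles`; not a real image.
SAMPLE = r"""
Offset(V)          Pid             Handle             Access Type             Details
------------------ ------ ------------------ ------------------ ---------------- -------
0xfffffa8001d6e060      4                0x4           0x1fffff Process          System(4)
0xfffffa8002c18b30      4              0x2ac           0x1fffff Process          lsass.exe(592)
0xfffffa8002b3a530   1204              0x1c0                0x8 Token
0xfffffa80030f1b30   1204               0x88            0x20019 Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION
0xfffffa8003a4c060   1204               0x60             0x1000 Process          explorer.exe(1204)
0xfffffa8002c18b30   3288              0x2e4           0x1fffff Process          lsass.exe(592)
0xfffffa8002b3a530   3288              0x2f0                0xe Token
0xfffffa8003a4c060   3288              0x304           0x1fffff Process          explorer.exe(1204)
"""


@dataclass
class Handle:
    offset: int
    pid: int
    handle: int
    access: int
    type: str
    details: str


def parse_handles(text: str) -> List[Handle]:
    """Parse the table body; header and separator rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)  # Details may contain spaces; keep it whole
        if len(parts) < 5 or not parts[0].startswith("0x"):
            continue
        details = parts[5].strip() if len(parts) == 6 else ""
        rows.append(Handle(int(parts[0], 16), int(parts[1]), int(parts[2], 16),
                           int(parts[3], 16), parts[4], details))
    return rows


_PROC_DETAILS = re.compile(r"^(?P<name>.+)\((?P<pid>\d+)\)$")


def target_process(h: Handle) -> Optional[Tuple[str, int]]:
    """Process handles carry 'image(pid)' in Details; return (image, pid)."""
    m = _PROC_DETAILS.match(h.details) if h.type == "Process" else None
    return (m.group("name").lower(), int(m.group("pid"))) if m else None


def find_lsass_handles(handles: List[Handle]) -> List[Handle]:
    """Process handles to lsass.exe held by PIDs outside the trusted set."""
    out = []
    for h in handles:
        tgt = target_process(h)
        if tgt and tgt[0] == "lsass.exe" and h.pid not in TRUSTED_PIDS:
            out.append(h)
    return out


def find_token_duplication(handles: List[Handle]) -> List[Handle]:
    """Token handles with TOKEN_DUPLICATE granted, held by untrusted PIDs."""
    return [h for h in handles
            if h.type == "Token" and h.access & TOKEN_DUPLICATE
            and h.pid not in TRUSTED_PIDS]


def find_elevated_process_handles(handles: List[Handle]) -> List[Handle]:
    """Cross-process handles granting all access or the write+execute set."""
    out = []
    for h in handles:
        tgt = target_process(h)
        if tgt is None or tgt[1] == h.pid or h.pid in TRUSTED_PIDS:
            continue  # not a Process handle, a handle to itself, or trusted holder
        if h.access == PROCESS_ALL_ACCESS or (h.access & INJECTION_RIGHTS) == INJECTION_RIGHTS:
            out.append(h)
    return out


if __name__ == "__main__":
    rows = parse_handles(SAMPLE)
    for label, hits in (("LSASS access", find_lsass_handles(rows)),
                        ("Token duplication", find_token_duplication(rows)),
                        ("Elevated access", find_elevated_process_handles(rows))):
        for h in hits:
            print(f"[{label}] pid={h.pid} handle={h.handle:#x} "
                  f"access={h.access:#x} {h.type} {h.details}")
```

Run it against real output by redirecting `vol.py ... handles` to a file and feeding its contents to `parse_handles`; on the constructed sample, PID 3288 is flagged in all three lists while the System process and explorer's own handles are not.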