public static void Lsass(int type = 0) { if (type == 0) { CredAccessHelper.LsassMemoryDump(); } else { CredAccessHelper.LsassRead(); } }
public static void LsassMemoryDump(string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1003.001"); try { CredAccessHelper.LsassMemoryDump(logger); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void Lsass(string log, int type = 0) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1003"); //logger.TimestampInfo(String.Format("Starting T1003 Simulation on {0}", Environment.MachineName)); //logger.TimestampInfo(String.Format("Simulation agent running as {0} with PID:{1}", System.Reflection.Assembly.GetEntryAssembly().Location, Process.GetCurrentProcess().Id)); try { CredAccessHelper.LsassMemoryDump(logger); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }