core-jmp

death of core jump

Posts in category: LSASS

Ghost in the PPL – LSASS Memory Dump

March 15, 2026
by oxfemale
Debug, exploitation, LSASS, PoC, PPL, Reverse Engineering, Security, winapi, windows

The article explains a technique for dumping memory from the protected LSASS process (PPL). It analyzes limitations of PPL protection and demonstrates how MiniDumpWriteDump and existing process handles can be used to extract credential data.

    © 2026 core-jmp. All rights reserved.