Red Teaming

Dump Hashes in Windows 11 24H2

lsass.exe hash dump Windows 11 24H2, extract password hashes, tool adaptation

In this blog post, I describe how I managed to read password hashes from the lsass.exe process memory in Windows 11 24H2. Since this version was still very new at the time of writing this post, some of the issues are due to a lack of tool support and should be resolved in the future. However, this post may also help in adapting the tools for later Windows versions.

Cyber Attack Simulation

Cyber attack simulation, red team, attack detection, response testing

A Cyber Attack Simulation recreates realistic, end-to-end attack scenarios to test whether your people, processes, and security tools actually detect and respond to an attacker who is already inside.

Also called an attacker simulation or adversary simulation.

Realistic attack scenarios and typical attack paths are recreated to validate how well your organization can detect and respond to real-world attacks. A penetration test finds vulnerabilities in systems. A cyber attack simulation tests whether your people, processes, and tools actually catch an attacker who is already inside.