LSASS Dumping: Techniques, Evasion, and Detection
LSASS credential dumping is one of the most reliable post-exploitation techniques for harvesting credentials. A survey of methods, from the MiniDump API to direct syscalls and custom loaders, with detection logic and Sysmon rules for each approach.
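As an added example, not code from the page or its author, the following script shows what the "detection logic" side of that survey looks like in practice: a minimal Sysmon rule that records every handle opened to lsass.exe (Event ID 10, ProcessAccess), and triage logic run over constructed Event ID 10 records that separates a benign query handle from a MiniDump via comsvcs.dll and from a custom loader issuing a direct syscall out of unbacked memory. The allowlist, severity thresholds and sample events are assumptions for illustration and must be tuned per environment.

```python
"""Triage of Sysmon Event ID 10 (ProcessAccess) records for LSASS access.
Added example with constructed sample events; the allowlist and severity
thresholds are assumptions to tune per host."""
from dataclasses import dataclass
from typing import Optional

# Minimal Sysmon rule that yields the events this script consumes. It filters
# on TargetImage only so every access mask reaches the analyst; mask and
# call-stack logic live below rather than in the config.
SYSMON_RULE = """
<RuleGroup name="lsass" groupRelation="or">
  <ProcessAccess onmatch="include">
    <TargetImage condition="end with">\\lsass.exe</TargetImage>
  </ProcessAccess>
</RuleGroup>
"""

PROCESS_VM_READ = 0x0010  # winnt.h: right needed to read another process's memory

# Modules on the MiniDump code path: MiniDumpWriteDump lives in dbgcore.dll,
# dbghelp.dll forwards to it, and comsvcs.dll exposes a MiniDump export that
# rundll32 can invoke.
MINIDUMP_MODULES = ("dbghelp.dll", "dbgcore.dll", "comsvcs.dll")

# Assumption: processes allowed to hold read handles to LSASS on this host.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\wininit.exe"}


@dataclass
class Finding:
    severity: str
    reasons: list
    source: str


def parse_call_trace(trace: str) -> list:
    """Split Sysmon's '|'-separated CallTrace into 'path+offset' frames."""
    return [f.strip() for f in trace.split("|") if f.strip()]


def frame_module(frame: str) -> str:
    """Lowercase module file name of a frame; '' for UNKNOWN (unbacked) frames."""
    if frame.upper().startswith("UNKNOWN"):
        return ""
    return frame.rsplit("+", 1)[0].rsplit("\\", 1)[-1].lower()


def analyze(event: dict) -> Optional[Finding]:
    """Score one Event ID 10 record; None means no LSASS memory-read concern."""
    if not event["TargetImage"].lower().endswith("\\lsass.exe"):
        return None
    granted = int(event["GrantedAccess"], 16)
    if not granted & PROCESS_VM_READ:  # e.g. 0x1000 QUERY_LIMITED_INFORMATION
        return None
    source = event["SourceImage"].lower()
    if source in ALLOWED_SOURCES:
        return None
    frames = parse_call_trace(event["CallTrace"])
    reasons = [f"VM_READ on lsass.exe (0x{granted:x}) from non-allowlisted source"]
    severity = "medium"
    if any(frame_module(f) in MINIDUMP_MODULES for f in frames):
        reasons.append("MiniDump module in call stack")
        severity = "high"
    # Sysmon walks the user stack in its kernel callback. An NtOpenProcess that
    # went through ntdll shows ntdll.dll as the first frame; anything else means
    # the syscall instruction ran outside ntdll (direct or indirect syscall stub).
    if frames and frame_module(frames[0]) != "ntdll.dll":
        reasons.append("syscall issued outside ntdll.dll")
        severity = "high"
    if any(frame_module(f) == "" for f in frames):
        reasons.append("unbacked (UNKNOWN) memory in call stack")
        severity = "high"
    return Finding(severity, reasons, source)


def analyze_all(events: list) -> list:
    return [f for f in map(analyze, events) if f is not None]


# Constructed sample events (subset of Event ID 10 fields), not captured logs.
LSASS = r"C:\Windows\System32\lsass.exe"
VIA_NTDLL = r"C:\Windows\SYSTEM32\ntdll.dll+9d1e4|C:\Windows\System32\KERNELBASE.dll+2c0be"
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": LSASS,  # allowlisted
     "GrantedAccess": "0x1FFFFF", "CallTrace": VIA_NTDLL + r"|C:\Windows\System32\csrsrv.dll+3a12"},
    {"SourceImage": r"C:\Windows\System32\Taskmgr.exe", "TargetImage": LSASS,  # no VM_READ
     "GrantedAccess": "0x1000", "CallTrace": VIA_NTDLL + r"|C:\Windows\System32\Taskmgr.exe+1a2b3"},
    {"SourceImage": r"C:\Windows\System32\rundll32.exe", "TargetImage": LSASS,  # comsvcs MiniDump
     "GrantedAccess": "0x1FFFFF", "CallTrace": VIA_NTDLL + r"|C:\Windows\System32\comsvcs.dll+3a1f0"
     + r"|C:\Windows\System32\rundll32.exe+4d2f"},
    {"SourceImage": r"C:\Users\Public\loader.exe", "TargetImage": LSASS,  # direct syscall stub
     "GrantedAccess": "0x1010", "CallTrace": r"UNKNOWN(00000201A2B3C4D5)|C:\Users\Public\loader.exe+12f4"},
]

if __name__ == "__main__":
    for finding in analyze_all(SAMPLE_EVENTS):
        print(finding.severity, finding.source, "; ".join(finding.reasons))
```

Two design points matter here. The Sysmon rule does not filter on GrantedAccess, because a mask-based include list (0x1010, 0x1410, 0x1FFFFF and so on) is exactly what a custom loader sidesteps by requesting an unusual mask; the script keys on the single PROCESS_VM_READ bit instead, since no dumper can read credential material without it. And the call-stack checks are what catch the direct-syscall and custom-loader cases the survey covers: Sysmon still sees the handle open because its callback runs in the kernel, so a stack whose first frame is not ntdll.dll, or that contains an UNKNOWN frame, is the signal even when no MiniDump module ever appears.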