NativeDump is a tool that allows users to dump the lsass process using NTAPIs, generating a Minidump file that can be parsed by tools like Mimikatz or Pypykatz. The tool creates a minimal Minidump file with three streams: SystemInfo, ModuleList, and Memory64List. It uses various NTAPIs to obtain necessary information and privileges, and can be configured to create a file locally or send it to a remote machine with optional encoding or encryption. The tool has been tested on Windows 10 and 11 devices and is currently undetected by common security solutions.
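For triage of files found on disk or carved from traffic, the three-stream layout described above can be checked directly from the Minidump header and stream directory. The following is an added example, not code from NativeDump or from this page; the function names and the sample bytes are constructed for illustration. It assumes that dumps written by standard tooling carry additional streams such as ThreadList, and it only applies to output that was not encoded or encrypted.

```python
import struct

# Stream type numbers from the MINIDUMP_STREAM_TYPE enumeration.
STREAM_NAMES = {
    3: "ThreadList", 4: "ModuleList", 5: "MemoryList", 6: "Exception",
    7: "SystemInfo", 9: "Memory64List", 15: "MiscInfo",
}
# The stream set the page attributes to the tool's output.
MINIMAL_SET = {"SystemInfo", "ModuleList", "Memory64List"}
HEADER_SIZE = 32      # MINIDUMP_HEADER
DIR_ENTRY_SIZE = 12   # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva


def list_streams(data):
    """Return the stream names in a Minidump's directory, or None if the
    buffer does not start with a Minidump header."""
    if len(data) < HEADER_SIZE or data[:4] != b"MDMP":
        return None
    _version, count, dir_rva = struct.unpack_from("<III", data, 4)
    # Only the directory must be present, so a truncated capture of the
    # first few kilobytes of a file is enough for this check.
    if count > 1024 or dir_rva + count * DIR_ENTRY_SIZE > len(data):
        raise ValueError("stream directory is out of bounds")
    names = []
    for i in range(count):
        stype, _size, _rva = struct.unpack_from(
            "<III", data, dir_rva + i * DIR_ENTRY_SIZE)
        names.append(STREAM_NAMES.get(stype, "type_%d" % stype))
    return names


def is_minimal_dump(data):
    """True when the file is a Minidump holding exactly the three streams."""
    names = list_streams(data)
    return names is not None and set(names) == MINIMAL_SET


def build_sample(stream_types):
    """Constructed input: a header plus a directory of empty streams."""
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, len(stream_types),
                         HEADER_SIZE, 0, 0, 0)
    entries = b"".join(struct.pack("<III", t, 0, 0) for t in stream_types)
    return header + entries


if __name__ == "__main__":
    print(list_streams(build_sample([7, 4, 9])))
    print(is_minimal_dump(build_sample([3, 4, 7, 9, 15])))
```

A match is a lead for further review rather than proof of origin, since any writer can emit the same three streams.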
kitploit.com
