*WARNING* if you use fgdump like I did, it extracts pwdump to %TEMP% at run time, which is detected by AV.
First of all, I was floored when this worked. Really AV? It’s that easy? Really?
So here is the breakdown: go get “Resource Hacker”… You’re almost done. Only 3 steps left (1 of which is optional).
I started with fgdump, a well known hashdumping/pwdump tool. It’s detected by 80% of all AVs and by all the top 10.