Modules that interact with LSASS should allow for manually inputting the PID

[sugoiaoi]

The SMB modules that interact with LSASS should allow you to supply the PID of the LSASS process. I have frequently experienced issues with running lsassy and nanodump, where once it issues the tasklist/findstr combo looking for lsass, it gets flagged. I have always been able to determine the LSASS PID in other ways, so it would be nice to be able to supply it as a module option in the hopes of getting through defenses.

[NeffIsBack]

Thanks for the feature request.

Sure that should be relatively easy to do. We could also switch to detecting the lsass pid by querying the api similar to the --tasklist arg to avoid that command execution. However, I have low hopes for the AV evasion because most of the binaries are flagged immediately by any decent AV. Doesn't hurt to add tho.