🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
🐱 Mimikatz / process

process

Enumerate and manage Windows processes.

list β€” Enumerate Processes

List all running processes with their PIDs.

mimikatz # process::list

Example output:

0       (null)
4       System
228     smss.exe
312     csrss.exe
...
688     lsass.exe
...
2712    mimikatz.exe

exports β€” List Module Exports

List exported functions from a process's modules.

mimikatz # process::exports [/pid:<pid>] [/name:<processname>]

imports β€” List Module Imports

List imported functions for a process.

mimikatz # process::imports [/pid:<pid>] [/name:<processname>]

start β€” Start a Process

Start a new process.

mimikatz # process::start <program> [/args:<arguments>]

stop β€” Stop a Process

Terminate a process.

mimikatz # process::stop [/pid:<pid>] [/name:<processname>]

suspend β€” Suspend a Process

Suspend all threads in a process.

mimikatz # process::suspend [/pid:<pid>] [/name:<processname>]

resume β€” Resume a Process

Resume a suspended process.

mimikatz # process::resume [/pid:<pid>] [/name:<processname>]

Notes

  • Used primarily for process inspection and management within mimikatz context
  • process::list is useful for identifying PID of LSASS (typically 688) for targeted operations
  • process::suspend + process::exports / process::imports useful for binary analysis tasks