This post continues the “Alternative to LSASS dumping” post, which discusses using DLL search-order hijacking to get malware executed in a high-privileged victim user’s context as an alternative to dumping the memory of LSASS.