From 2ce655c8c0a41c2d5d0edb992a29f85a0115f7e0 Mon Sep 17 00:00:00 2001 From: Chris Mavrakis Date: Thu, 20 Jun 2019 16:34:39 +0200 Subject: [PATCH] Fix typos and do minor cosmetic language tweaks --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 1079862..35f7555 100644 --- a/README.md +++ b/README.md 
@@ -1,24 +1,23 @@ -### Dumpert, a LSASS memory dumper using direct system calls and API unhooking +### Dumpert, an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. -These tools demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike, -while not touching disk and evading AV/EDR monitored user-mode API calls. +This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create an LSASS memory dump using Cobalt Strike, while not touching disk and evading AV/EDR-monitored user-mode API calls. More info about the used techniques can be found on the following Blog: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ -Two version of the code are included: +Two versions of the code are included: -An executable version and a DLL version of the code. -The DLL version can be run as follow: +An executable and a DLL version. +The DLL version can be run as follows: ``` rundll32.exe C:\Dumpert\Outflank-Dumpert.dll,Dump ``` -Also a sRDI version of the code is provided, including an Cobalt Strike agressor script. +Also, an sRDI version of the code is provided, including a Cobalt Strike agressor script. This script uses shinject to inject the sRDI shellcode version of the dumpert DLL into the current process. -Then it waits a few seconds for the lsass minidump to finish and finally download the minidump file from the victim host. +Then it waits a few seconds for the lsass minidump to finish and finally downloads the minidump file from the victim host. Compile instructions: 
@@ -27,4 +26,4 @@ This project is written in C and assembly. You can use Visual Studio to compile it from source. ``` -The sRDI code can be found here: https://github.com/monoxgas/sRDI \ No newline at end of file +The sRDI code can be found here: https://github.com/monoxgas/sRDI
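Review bot: in the first hunk, the rewritten description line still carries a subject-verb mismatch that this typo pass should have caught: "This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques" should read "and combines these techniques". The same hunk also leaves "agressor script" misspelled in the added line "Also, an sRDI version of the code is provided, including a Cobalt Strike agressor script."; it should be "aggressor script". The remaining changes in the hunk (a/an before LSASS, "Two versions", "as follows", "downloads") read correctly.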