"topic:lsass-dump" — Search

14 results for “topic:lsass-dump”

ricardojoserf/NativeDump

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

C#70196Updated 2 weeks ago

lsasslsass-dumpntapintdll-unhookingredteam-toolssecurity-tools

ricardojoserf/TrickDump

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

C#54156Updated 5 days ago

lsasslsass-dumpmimikatzntapintdll-unhookingredteam-toolssecurity-tools

safedv/RustiveDump

LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.

Rust38550Updated 5 days ago

lsass-dumpoffensive-securityposition-independent-coderedteamrust-lang

vari-sh/RedTeamGrimoire

🔥📜 Forbidden collection of Red Team sorcery 📜🔥

C35270Updated 2 days ago

bypass-avbypass-edrlsasslsass-dumpmaldevredteamredteam-tools

Offensive-Panda/LsassReflectDumping

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process

C++21626Updated 5 days ago

callbacksforklsass-dumpmimikatzminidump

0xsh3llf1r3/ColdWer

Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass

C11821Updated 2 days ago

av-bypassbeacon-object-filebofcobalt-strikecredential-dumpingedr-bypassedr-evasionedr-freezelsass-dumpoffensive-securityppl-bypassred-teamwindows-security

coleak2021/hidedump

Hidedump:a lsassdump tools that may bypass EDR

C516Updated 1 month ago

bypass-avcedr-bypasslsass-dumpwindows

Offensive-Panda/D3MPSEC

"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.

C++286Updated 2 months ago

lsass-dumpmalware-developmentnativeapioffensive-securitysyscalls

ErenCanOzmn/CredentialGuardBypass

By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be bypassed—restoring cleartext credentials despite the protection appearing active. Requires SYSTEM-level access and targets VBS-based defenses.

C++142Updated 2 months ago

active-directoryactive-directory-securitycredential-guardcybersecuritylsasslsass-dumpmimikatzsecurity-toolswindowswindows-security

wesmar/KvcForensic

Windows LSA credential extractor for lsass.dmp minidumps. Targets Windows 11 24H2/25H2 and Windows Server 2025. Pure Win32, no DbgHelp, no dependencies. Extracts MSV, WDigest, Kerberos, CredMan, DPAPI. AES-CFB128 and 3DES-CBC decryption via BCrypt

C++60Updated 1 day ago

cleartext-passwordscredential-extractiondpapi-secretskerberos-ticketslsa-parsinglsass-dumpmemory-analysisntlm-hashesoffline-forensicswindows-11-25h2windows-server-2025

mendax0110/lsassDumper

dump lsass

C++10Updated 1 year ago

hackinghacking-toolhacking-toolslsasslsass-dumpred-team

FlameBudy/MSSQLServer-CLR-CommandKit

A single stored procedure transformed into a multi-functional tool like a Swiss Army knife after exploitation — an attack-focused SQL CLR toolset: file system control, payload preparation, privilege escalation, and shellcode/assembly loaders.

C#10Updated just now

command-executiondcomexploit-developmentlsass-dumpmssql-clroffensive-securitypayload-generationpost-exploitationpotato-exploitsprivilege-escalationrpcshellcode-loadersql-serversqlclrsysadmin-toolswindows-internals

MitraLothbrok/RemoteProcessManipulationAndMemoryDump

DLL injection, memory dump of process С++

C++00Updated 1 year ago

dll-injectionhacking-codelsass-dumpmalwarememory-dumppentesting-windowsremote-process-manipulationtrojanvirustotalwinapi

Rakum713/ColdWer

🥶 Freeze EDR/AV processes with ColdWer, using WerFaultSecure.exe PPL bypass to extract LSASS memory on modern Windows systems.

C00Updated 1 hour ago

av-bypassbeacon-object-filebofcobalt-strikecredential-dumpingedr-bypassedr-evasionedr-freezelsass-dumpoffensive-securityppl-bypassred-teamwindows-security