BOF-ForeignLsass

LSASS Dumper

A tool for duplicating an existing process's handle to LSASS, allowing dumping of the local session store.

98 stars

2 watching

25 forks

Language: C

last commit: over 3 years ago

Related projects:

Repository	Description	Stars
outflanknl/dumpert	A tool for creating a low-level memory dump of the LSASS process using direct system calls and API unhooking.	1,496
seventeenman/callbackdump	A utility that allows dumping the memory of the LSASS process without triggering antivirus signatures or sandbox detection.	548
hagrid29/duplicatedump	Tools to dump LSASS memory without detection using custom LSA plugin and duplicated handle	199
fortra/nanodump	Creates a minidump of the LSASS process	1,813
deepinstinct/lsass-shtinkering	Exploits Windows Error Reporting to dump LSASS memory	378
espressocake/ppldump_bof	A tool for dumping the memory contents of a protected process on Windows	136
codewhitesec/handlekatz	A tool that uses cloned handles to create an obfuscated memory dump of the Lsass process.	575
xforcered/credbandit	A proof-of-concept tool for dumping the memory of a process and sending it back through a custom communication channel.	233
octoberfest7/dropspawn_bof	A CobaltStrike payload that uses DLL hijacking to spawn additional Beacons on Windows systems	219
m57/cobaltstrike_bofs	Exploits SeBackupPrivilege to dump remote system hives and credentials.	159
anott03/nvim-lspinstall	A replacement for neovim's :LspInstall function to install language servers for its built-in lsp.	88
otterhacker/coffloader	An implementation of in-house CoffLoader supporting CobaltStrike standard BOF and BSS initialized variables.	48
yireo/yireo_dumpcmscontent	A Magento 2 module to dump CMS pages and blocks to a folder for Tailwind CSS configuration	16
alexandernst/memory-dumper	A tool for extracting data from process memory	36
netero1010/servicemove-bof	A tool that exploits a Windows vulnerability to execute arbitrary code on remote systems using a technique called DLL hijacking.	284