Dumpert
LSASS dumper
A tool for creating a low-level memory dump of the LSASS process using direct system calls and API unhooking.
1k stars
37 watching
243 forks
Language: C
Last commit: almost 4 years ago

Related projects:

Repository | Description | Stars |
---|---|---|
alfarom256/bof-foreignlsass | A tool for duplicating an existing process's handle to LSASS, allowing dumping of the local session store. | 97 |
seventeenman/callbackdump | A utility that allows dumping the memory of the LSASS process without triggering antivirus signatures or sandbox detection. | 545 |
deepinstinct/lsass-shtinkering | Exploits Windows Error Reporting to dump LSASS memory | 377 |
hagrid29/duplicatedump | Tools to dump LSASS memory without detection using custom LSA plugin and duplicated handle | 199 |
alexandernst/memory-dumper | A tool for extracting data from process memory | 36 |
outflanknl/inlinewhispers | Tool to generate inline assembly code for direct system calls in Cobalt Strike's Beacon Object Files (BOF) | 308 |
fortra/nanodump | Creates a minidump of the LSASS process | 1,789 |
codewhitesec/handlekatz | A tool that uses cloned handles to create an obfuscated memory dump of the Lsass process. | 573 |
rootbsd/fridump3 | A memory dumping tool using Frida to access and dump process memory from various platforms. | 180 |
xforcered/credbandit | A proof-of-concept tool for dumping the memory of a process and sending it back through a custom communication channel. | 232 |
lloydlabs/delete-self-poc | A tool to delete locked or running files from disk by manipulating the current process's handle and file disposition | 497 |
outflanknl/c2-tool-collection | Tools for exploiting vulnerabilities in Windows systems and gathering information about networked computers. | 1,143 |
fmstrat/lcs | A tool to populate the All feed of a new Lemmy instance with communities from other instances. | 70 |
gdbinit/readmem | A tool to dump processes memory on screen or to a binary file. | 222 |
espressocake/ppldump_bof | A tool for dumping the memory contents of a protected process on Windows | 135 |