Tag: credential dumping
-

LSASS-Free Larceny: Extracting NTLMv1 Hashes with DumpGuard BOF
DumpGuard BOF is a Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems. This repository contains a Beacon Object File (BOF) implementation of DumpGuard, ported from the original C#/.NET implementation to pure C for use with Havoc and other C2 frameworks that support BOF execution. This is a Proof of Concept (PoC)…
-

DumpGuard Tool Bypasses Credential Guard to Steal NTLMv1 Hashes
DumpGuard is a credential dumping tool that can extract the NTLMv1 hashes of users on modern Windows systems. The tool relies on the Remote Credential Guard protocol, and allows credential dumping even when Credential Guard is enabled on the local host. You may download prebuilt copies from the release section of this repository. Usage Overview The following table depicts…
-

NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs
NativeDump dumps the lsass process using only NTAPIs, generating a Minidump file that contains only the streams tools like Mimikatz or Pypykatz need to parse (the SystemInfo, ModuleList and Memory64List streams). It uses NtOpenProcessToken and NtAdjustPrivilegesToken to obtain the "SeDebugPrivilege" privilege, and RtlGetVersion to get the operating system version details (major version, minor version and build…
-

wcreddump: Fully automated windows credentials dumper, from SAM and WINHELLO
wcreddump: On one hand, SAM dumping tools are widely used but surprisingly not very automated. On the other hand, WINHELLO PIN-dumping tools barely exist. This simple and lightweight Python script automates the process of credential dumping for both of these cases. Requirements: requires the following conditions: to be run from a…