Aur3ns / lsassStealerView external linksLinks
Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testing only!
☆159Jun 19, 2025Updated 7 months ago
Alternatives and similar repositories for lsassStealer
Users that are interested in lsassStealer are comparing it to the libraries listed below
Sorting:
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆214Oct 19, 2024Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- ☆53Sep 23, 2025Updated 4 months ago
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆245Nov 2, 2025Updated 3 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆84Oct 18, 2024Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆332Mar 6, 2025Updated 11 months ago
- POC for CVE-2024-3183 (FreeIPA Rosting)☆27Aug 20, 2024Updated last year
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance…☆568May 22, 2025Updated 8 months ago
- Generic PE loader for fast prototyping evasion techniques☆244Jul 2, 2024Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆534May 9, 2025Updated 9 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆260Feb 21, 2025Updated 11 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆231Feb 12, 2025Updated last year
- TeamServer and Client of Exploration Command and Control Framework☆177Jan 6, 2026Updated last month
- Generate and Manage KeyCredentialLinks☆245Jan 30, 2026Updated 2 weeks ago
- ☆198Mar 28, 2025Updated 10 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆249Jun 11, 2024Updated last year
- ☆125Sep 5, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆135Apr 18, 2025Updated 9 months ago
- Port of Cobalt Strike's Process Inject Kit☆190Dec 1, 2024Updated last year
- Auto exploitation tool for CVE-2024-24401.☆36Sep 7, 2024Updated last year
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆433Jun 27, 2025Updated 7 months ago
- Activation Context Hijack☆169Aug 3, 2025Updated 6 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆381Apr 26, 2025Updated 9 months ago
- Active Directory Authentication Library☆90Nov 7, 2025Updated 3 months ago
- ☆19Nov 28, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆698May 7, 2025Updated 9 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆266Apr 8, 2025Updated 10 months ago
- ☆55May 31, 2025Updated 8 months ago
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆260Nov 22, 2025Updated 2 months ago
- Smart keylogging capability to steal SSH Credentials including password & Private Key☆151Mar 26, 2025Updated 10 months ago
- Tool for viewing NTDS.dit☆191Mar 14, 2025Updated 11 months ago
- Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data☆354Jan 8, 2026Updated last month
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 3 months ago
- A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts☆167Jun 29, 2025Updated 7 months ago
- Leverage WindowsApp createdump tool to obtain an lsass dump☆153Sep 20, 2024Updated last year
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- A BloodHound collector for Microsoft Configuration Manager☆364Jul 7, 2025Updated 7 months ago
- RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging☆203Mar 6, 2025Updated 11 months ago