Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks
☆555Jan 8, 2026Updated last month
Alternatives and similar repositories for DumpChromeSecrets
Users that are interested in DumpChromeSecrets are comparing it to the libraries listed below
Sorting:
- PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.☆72Oct 22, 2025Updated 4 months ago
- AppLocker-Based EDR Neutralization☆323Dec 19, 2025Updated 2 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated last month
- Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bo…☆580Feb 14, 2026Updated 2 weeks ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆71Dec 26, 2025Updated 2 months ago
- This is the tool to dump the LSASS process on modern Windows 11☆560Nov 1, 2025Updated 4 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- A BOF that's a BOF Loader and more☆199Jan 17, 2026Updated last month
- adws enumeration bof☆169Feb 16, 2026Updated 2 weeks ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆89Jan 2, 2026Updated 2 months ago
- SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe…☆189Aug 6, 2025Updated 7 months ago
- ☆65Mar 15, 2024Updated last year
- Cobalt Strike BOF for evasive .NET assembly execution☆308Mar 31, 2025Updated 11 months ago
- EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.☆807Nov 1, 2025Updated 4 months ago
- ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets …☆155Jan 3, 2026Updated 2 months ago
- Using Chromium-based browsers as a proxy for C2 traffic.☆146Dec 6, 2025Updated 3 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…☆171Sep 3, 2025Updated 6 months ago
- Helps defenders find their WSUS configurations in the wake of CVE-2025-59287☆46Oct 28, 2025Updated 4 months ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …☆264Sep 23, 2025Updated 5 months ago
- Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.☆237Feb 20, 2026Updated 2 weeks ago
- ☆159Dec 13, 2024Updated last year
- A tool to transform Chromium browsers into a C2 Implant☆555Dec 17, 2025Updated 2 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆384Apr 26, 2025Updated 10 months ago
- Abusing Azure services over C2☆367Jan 20, 2026Updated last month
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…☆62May 16, 2025Updated 9 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆541Feb 13, 2024Updated 2 years ago
- ☆108Aug 21, 2024Updated last year
- Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#…☆341Feb 2, 2026Updated last month
- Blog/Journal on how to backdoor VSCode extensions☆77Feb 24, 2026Updated last week
- Attacking the cleanup_module function of a kernel module☆56Jun 30, 2025Updated 8 months ago
- Windows rootkit designed to work with BYOVD exploits☆216Jan 18, 2025Updated last year
- RunPE implementation with multiple evasive techniques (2)☆273Sep 25, 2025Updated 5 months ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- .NET assembly loader with patching AMSI and ETW bypass☆31Apr 16, 2025Updated 10 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆539May 9, 2025Updated 9 months ago
- ☆100Sep 1, 2024Updated last year
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,823Nov 3, 2024Updated last year