Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory.
☆573May 22, 2025Updated 10 months ago
Alternatives and similar repositories for ShadowDumper
Users that are interested in ShadowDumper are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆542May 9, 2025Updated 10 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆385Apr 26, 2025Updated 11 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆216Oct 19, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆383Dec 13, 2024Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆247Mar 9, 2026Updated 3 weeks ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆348Oct 7, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆702May 7, 2025Updated 11 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆639May 8, 2025Updated 10 months ago
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆399Jul 23, 2025Updated 8 months ago
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,844Nov 3, 2024Updated last year
- ☆200Mar 28, 2025Updated last year
- Extract and execute a PE embedded within a PNG file using an LNK file.☆466Nov 2, 2024Updated last year
- PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirector…☆401Jan 14, 2026Updated 2 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆461Aug 2, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- ☆234Oct 8, 2024Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆268Apr 8, 2025Updated 11 months ago
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …☆192Apr 26, 2025Updated 11 months ago
- DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYS…☆465Aug 17, 2024Updated last year
- Windows remote execution multitool☆786Mar 25, 2026Updated last week
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆425Sep 29, 2025Updated 6 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆170May 30, 2024Updated last year
- ☆384Oct 17, 2025Updated 5 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆592Jun 12, 2024Updated last year
- COM ViewLogger — new malware keylogging technique☆408Jan 6, 2025Updated last year
- Python implementation of GhostPack's Seatbelt situational awareness tool☆271Nov 12, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆348Nov 19, 2024Updated last year
- Sleep obfuscation☆272Dec 13, 2024Updated last year
- ☆410Dec 8, 2024Updated last year
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA…☆358Mar 17, 2026Updated 3 weeks ago
- early cascade injection PoC based on Outflanks blog post☆241Nov 7, 2024Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆302Jul 31, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- ☆343Nov 10, 2025Updated 4 months ago
- ☆158Dec 13, 2024Updated last year
- MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.☆537Nov 14, 2025Updated 4 months ago
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆588Mar 19, 2024Updated 2 years ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆233Feb 12, 2025Updated last year
- Evasive shellcode loader☆400Oct 17, 2024Updated last year
- A BloodHound collector for Microsoft Configuration Manager☆396Jul 7, 2025Updated 9 months ago