wolfcod/lsassdump

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/wolfcod/lsassdump)

wolfcod / lsassdump

lsassdump via RtlCreateProcessReflection and NanoDump

☆86

Alternatives and similar repositories for lsassdump

Users that are interested in lsassdump are comparing it to the libraries listed below

Sorting:

Offensive-Panda / LsassReflectDumping
View on GitHub
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
☆216Oct 19, 2024Updated last year
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆270Dec 13, 2024Updated last year
deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
0xEr3bus / RdpStrike
View on GitHub
Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
☆250Jun 11, 2024Updated last year
Octoberfest7 / Secure_Stager
View on GitHub
An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
☆195Nov 27, 2024Updated last year
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆541May 9, 2025Updated 10 months ago
deepinstinct / DCOMUploadExec
View on GitHub
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
☆384Dec 13, 2024Updated last year
vxCrypt0r / AMSI_VEH
View on GitHub
A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
☆169May 30, 2024Updated last year
0xsp-SRD / MDE_Enum
View on GitHub
comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
☆211Jun 10, 2024Updated last year
rweijnen / createdump
View on GitHub
Leverage WindowsApp createdump tool to obtain an lsass dump
☆153Sep 20, 2024Updated last year
Meowmycks / LetMeowIn
View on GitHub
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
☆444Jul 8, 2024Updated last year
ioncodes / SilentLoad
View on GitHub
"Service-less" driver loading
☆184Nov 28, 2024Updated last year
rasta-mouse / process-inject-kit
View on GitHub
Port of Cobalt Strike's Process Inject Kit
☆192Dec 1, 2024Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆787Jan 26, 2026Updated last month
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆245Jul 2, 2024Updated last year
zimnyaa / remotechrome
View on GitHub
dump Chrome cookies remotely with atexec and CDP
☆69Aug 10, 2024Updated last year
safedv / RustiveDump
View on GitHub
LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
☆385Apr 26, 2025Updated 10 months ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆680Aug 15, 2025Updated 7 months ago
rad9800 / BootExecuteEDR
View on GitHub
☆410Dec 8, 2024Updated last year
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆233Oct 30, 2025Updated 4 months ago
cpu0x00 / Ghost
View on GitHub
Evasive shellcode loader
☆400Oct 17, 2024Updated last year
itm4n / PPLrevenant
View on GitHub
Bypass LSA protection using the BYODLL technique
☆172Sep 21, 2024Updated last year
ricardojoserf / NativeBypassCredGuard
View on GitHub
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
☆268Apr 8, 2025Updated 11 months ago
Mr-Un1k0d3r / .NetConfigLoader
View on GitHub
.net config loader
☆349Nov 9, 2023Updated 2 years ago
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆239Nov 7, 2024Updated last year
OtterHacker / SetProcessInjection
View on GitHub
☆153Oct 2, 2023Updated 2 years ago
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆195Feb 6, 2025Updated last year
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV
View on GitHub
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
☆290May 27, 2024Updated last year
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆151Apr 18, 2025Updated 11 months ago
ricardojoserf / NativeTokenImpersonate
View on GitHub
Impersonate Tokens using only NTAPI functions
☆84Apr 4, 2025Updated 11 months ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆438Dec 21, 2023Updated 2 years ago
CICADA8-Research / Spyndicapped
View on GitHub
COM ViewLogger — new malware keylogging technique
☆407Jan 6, 2025Updated last year
vxCrypt0r / Voidmaw
View on GitHub
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
☆343Oct 7, 2024Updated last year
Maldev-Academy / HellHall
View on GitHub
Performing Indirect Clean Syscalls
☆605Apr 19, 2023Updated 2 years ago
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆277Apr 17, 2023Updated 2 years ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆374Apr 19, 2023Updated 2 years ago
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
OtterHacker / AWSRedirector
View on GitHub
☆58Feb 16, 2025Updated last year