Alternatives and similar repositories for dumping_lsass

Users that are interested in dumping_lsass are comparing it to the libraries listed below

• T1erno / bin2shellcode

  View on GitHub
  C++ tool and library for converting .bin files to shellcode in multiple output formats.
  ☆33Aug 18, 2025Updated 5 months ago
• rtecCyberSec / RAITrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying
  ☆168Jul 22, 2025Updated 6 months ago
• EvilWhales / ShadowDropper

  View on GitHub
  ShadowDropper is a utility for covertly delivering and executing payloads on a target system.
  ☆26Jul 4, 2025Updated 7 months ago
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 6 months ago
• TwoSevenOneT / WSASS

  View on GitHub
  This is the tool to dump the LSASS process on modern Windows 11
  ☆555Nov 1, 2025Updated 3 months ago
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆534May 9, 2025Updated 9 months ago
• YOLOP0wn / yolo-mssqlclient

  View on GitHub
  custom impacket mssqlclient
  ☆26Sep 16, 2023Updated 2 years ago
• garrettfoster13 / mssqlkaren

  View on GitHub
  modified mssqlclient from impacket to extract policies from the SCCM database
  ☆42Nov 4, 2025Updated 3 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• MythicAgents / Xenon

  View on GitHub
  A Mythic agent for Windows written in C
  ☆156Updated this week
• leftp / RegPersist

  View on GitHub
  a BOF implementation of various registry persistence methods
  ☆95Nov 11, 2025Updated 3 months ago
• trustedsec / Titanis

  View on GitHub
  Windows protocol library, including SMB and RPC implementations, among others.
  ☆614Jan 21, 2026Updated 3 weeks ago
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆208Jan 30, 2025Updated last year
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 5 months ago
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 4 months ago
• tijme / nimplant-beacon-position-independent-c-code

  View on GitHub
  A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
  ☆66Feb 11, 2025Updated last year
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• sokaRepo / CoercedPotatoRDLL

  View on GitHub
  Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
  ☆224Nov 23, 2023Updated 2 years ago
• MorDavid / NetworkHound

  View on GitHub
  Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and co…
  ☆655Jan 16, 2026Updated 3 weeks ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆214Oct 19, 2024Updated last year
• alexlee820 / PatchedCLRLoader

  View on GitHub
  .NET assembly loader with patching AMSI and ETW bypass
  ☆31Apr 16, 2025Updated 9 months ago
• two06 / LinkedIntel

  View on GitHub
  LinkedIn recon the easy way
  ☆111Jul 3, 2025Updated 7 months ago
• safedv / RustiveDump

  View on GitHub
  LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
  ☆381Apr 26, 2025Updated 9 months ago
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆208Dec 25, 2024Updated last year
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆244Oct 27, 2025Updated 3 months ago
• MWR-CyberSec / AD-CS-Forest-Exploiter

  View on GitHub
  Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
  ☆126Dec 2, 2023Updated 2 years ago
• Yeeb1 / SockTail

  View on GitHub
  Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephe…
  ☆500Oct 3, 2025Updated 4 months ago
• cybrly / badsuccessor

  View on GitHub
  ☆120May 29, 2025Updated 8 months ago
• dirkjanm / DeviceToken

  View on GitHub
  Request device ticket/token using the device's MSA
  ☆38Aug 25, 2025Updated 5 months ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆332Mar 6, 2025Updated 11 months ago
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆698May 7, 2025Updated 9 months ago
• NtDallas / Ulfberht

  View on GitHub
  Shellcode loader
  ☆100Nov 24, 2024Updated last year
• MorDavid / BloodHound-MCP-AI

  View on GitHub
  BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to anal…
  ☆335Jun 2, 2025Updated 8 months ago
• decoder-it / KrbRelayEx-RPC

  View on GitHub
  ☆198Mar 28, 2025Updated 10 months ago
• dobin / SuperMega

  View on GitHub
  Stealthily inject shellcode into an executable
  ☆445Oct 19, 2025Updated 3 months ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls2

  View on GitHub
  ☆70Dec 26, 2025Updated last month
• jojonas / SharpSAMDump

  View on GitHub
  SAM Dumping in C#
  ☆54Nov 27, 2025Updated 2 months ago
• sikumy / spearspray

  View on GitHub
  Enhance Your Active Directory Password Spraying with User Intelligence.
  ☆313Dec 29, 2025Updated last month