Masky – Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and doesRead More

DuplicateDump – Dumping LSASS With A Duplicated Handle From Custom LSA Plugin

DuplicateDump is a fork of MirrorDump with following modifications: DInovke implementation LSA plugin DLL written in C++ which could be clean up after dumping LSASS. MirrorDump compile LSA plugin as .NET assembly which would not be unloaded by LSASS process. That’s why MirrorDump failed to delete the plugin. PID of dump process (i.e., DuplicateDump) isRead More – An AD Explorer Snapshot Parser. It Is Made As An Ingestor For BloodHound, And Also Supports Full-Object Dumping To NDJSON is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool allows you to convert thoseRead More

DonPAPI – Dumping DPAPI Credz Remotely

Dumping revelant information on compromised targets without AV detection  DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those “secured” credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key (protecting TaskScheduled blob) Curently gathered info Windows credentials (Taskscheduled credentials & a lot more) Windows VaultsRead More

Process-Dump – Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis

Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject a clean version of the malware code inRead More

SharpSecDump – .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket’S Secretsdump.Py

.Net port of the remote SAM + LSA Secrets dumping functionality of impacket’s By default runs in the context of the current user. Please only use in environments you own or have permission to test against 🙂 Usage SharpSecDump.exe -target= -u=admin -p=Password123 -d=test.local Required Flags -target – Comma seperated list of IP’s / hostnamesRead More

Chalumeau – Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz dcsync (working on fix) Bypassing Antivirus and EDRs , you will need to maintain your payloads TODORead More