Lucene search

9 matches found

Kitploit
added 2024/06/16 5:16 p.m. | 51 views

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz: SystemInfo, ModuleList and Memory64List Streams. NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

7.3 AI score
Exploits: 0 | References: 5

Kitploit
added 2022/07/15 12:30 p.m. | 34 views

Dumpscan - Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats

Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features: x509 Public and Private key PKCS 8/PKCS 1 parsing; SymCrypt parsing. Supported structures: SYMCRYPTRSAKEY - Determines if the key...

7.4 AI score
Exploits: 0 | References: 13

Kitploit
added 2022/05/01 9:30 p.m. | 209 views

Nanodump - A Crappy LSASS Dumper With No ASCII Art

A flexible tool that creates a minidump of the LSASS process. 1. Features: It uses syscalls with SysWhispers2 for most operations. Syscalls are called from an ntdll address to bypass some syscall detections. It sets the syscall callback hook to NULL. Windows APIs are called using dynamic invoke...

7.2 AI score
Exploits: 0 | References: 7

Kitploit
added 2021/08/26 9:30 p.m. | 22 views

BeaconEye - Hunts Out CobaltStrike Beacons And Logs Operator Command Output

BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity. How it works: BeaconEye will scan live processes or MiniDump files for suspected CobaltStrike beacons. In live process mode,...

7.2 AI score
Exploits: 0 | References: 2

Metasploit
added 2021/07/09 5:42 p.m. | 48 views

Windows Process Memory Dump

This module creates a memory dump of a process to disk and downloads the file for offline analysis. Options for DUMPTYPE affect the completeness of the dump: "full" retrieves the entire process address space, all allocated pages; "standard" excludes image files, e.g. DLLs and EXEs in the address...

7 AI score
Exploits: 0

Kitploit
added 2020/05/07 9:30 p.m. | 171 views

PowerSploit - A PowerShell Post-Exploitation Framework

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution: Execute code on a target machine. Invoke-DllInjection: Injects a Dll into the...

7.6 AI score
Exploits: 0 | References: 1

Kitploit
added 2019/07/04 1:30 p.m. | 221 views

Slackor - A Golang Implant That Uses Slack As A Command And Control Server

A Golang implant that uses Slack as a command and control channel. This project was inspired by Gcat and Twittor. This tool is released as a proof of concept. Be sure to read and understand the Slack App Developer Policy before creating any Slack apps. Setup: Note: The server is written in Python ...

7.9 AI score
Exploits: 0 | References: 22

OSV
added 2018/08/27 3:29 p.m. | 1 views

CVE-2018-3927

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...

5.9 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Kitploit
added 2015/03/19 12:20 a.m. | 23 views

BlueScreenView - Blue Screen of Death (STOP error) information in dump files

BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue...

6.9 AI score
Exploits: 0