Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
-
Updated
May 7, 2025 - C#
#
lsass-dump
Here are 16 public repositories matching this topic...
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
-
Updated
May 9, 2025 - C#
LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.
-
Updated
Apr 26, 2025 - Rust
🔥📜 Forbidden collection of Red Team sorcery 📜🔥
-
Updated
Mar 23, 2026 - C
KslDump — Why bring your own knife when Defender already left one in the kitchen?
offensive-security hacking-tool redteaming redteam purpleteam purple-team lsass redteam-tools byovd runasppl lsass-dump mimikatz-alternative ppl-bypass
-
Updated
Mar 17, 2026 - Python
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process
-
Updated
Oct 19, 2024 - C++
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
offensive-security cobalt-strike red-team bof av-bypass windows-security credential-dumping edr-bypass edr-evasion beacon-object-file lsass-dump edr-freeze ppl-bypass
-
Updated
Jan 29, 2026 - C
Hidedump:a lsassdump tools that may bypass EDR
-
Updated
May 23, 2024 - C
"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.
-
Updated
Sep 18, 2024 - C++
By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be bypassed—restoring cleartext credentials despite the protection appearing active. Requires SYSTEM-level access and targets VBS-based defenses.
windows active-directory cybersecurity security-tools mimikatz windows-security lsass active-directory-security lsass-dump credential-guard
-
Updated
May 25, 2025 - C++
Windows LSA credential extractor for lsass.dmp minidumps. Targets Windows 11 24H2/25H2 and Windows Server 2025. Pure Win32, no DbgHelp, no dependencies. Extracts MSV, WDigest, Kerberos, CredMan, DPAPI. AES-CFB128 and 3DES-CBC decryption via BCrypt
memory-analysis ntlm-hashes kerberos-tickets lsass-dump windows-server-2025 credential-extraction windows-11-25h2 dpapi-secrets cleartext-passwords offline-forensics lsa-parsing
-
Updated
Feb 26, 2026 - C++
A single stored procedure transformed into a multi-functional tool like a Swiss Army knife after exploitation — an attack-focused SQL CLR toolset: file system control, payload preparation, privilege escalation, and shellcode/assembly loaders.
sql-server rpc post-exploitation command-execution offensive-security privilege-escalation shellcode-loader sqlclr payload-generation exploit-development dcom windows-internals sysadmin-tools lsass-dump mssql-clr potato-exploits
-
Updated
Apr 8, 2026 - C#
🥶 Freeze EDR/AV processes with ColdWer, using WerFaultSecure.exe PPL bypass to extract LSASS memory on modern Windows systems.
offensive-security cobalt-strike red-team bof av-bypass windows-security credential-dumping edr-bypass edr-evasion beacon-object-file lsass-dump edr-freeze ppl-bypass
-
Updated
Apr 8, 2026 - C
DLL injection, memory dump of process С++
winapi malware pentesting-windows trojan dll-injection virustotal memory-dump hacking-code lsass-dump remote-process-manipulation
-
Updated
Jun 12, 2024 - C++
Improve this page
Add a description, image, and links to the lsass-dump topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the lsass-dump topic, visit your repo's landing page and select "manage topics."