9 Repos
Extracting sensitive credentials from active process memory using loaders.
Distinct from Structured Memory Dumping: Distinct from Structured Memory Dumping: focuses specifically on the target of credential retrieval rather than the formatting of the dump.
Explore 9 awesome GitHub repositories matching operating systems & systems programming · Credential Memory Dumping. Refine with filters or upvote what's useful.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Extracts active modules from a running process's memory to recover the original binary code.
Dieses Projekt ist eine Wissensdatenbank für Red Teaming und ein Playbook für offensive Sicherheit, das darauf ausgelegt ist, das Verhalten von Angreifern zu simulieren. Es dient als umfassende Sammlung technischer Anleitungen und Taktiken für die Durchführung von Red-Team-Operationen. Das Repository bietet detaillierte Anweisungen für Active-Directory-Exploitation, einschließlich Kerberos-Missbrauch und Domain-Privilege-Escalation. Es behandelt Defense-Evasion durch API-Unhooking und Payload-Obfuskation sowie Windows-Internals-Forschung, die die Manipulation von Kernel-Objekten und Systemspeicher umfasst. Das Fähigkeitsspektrum erstreckt sich auf Netzwerk-Penetrationstests, Malware-Analyse und -Engineering sowie die Bereitstellung von Infrastruktur für offensive Sicherheit. Es enthält zudem Methoden für Lateral Movement, Persistenz und Datenexfiltration in Unternehmensumgebungen.
Provides methods for extracting plaintext passwords and hashes directly from active process memory.
Meltdown ist eine Suite von Software-Utilities, die darauf ausgelegt sind, die Randomisierung von Kernel-Adressen zu umgehen und den physischen Speicher zu dumpen, um Sicherheitslücken auf Hardware-Ebene auszunutzen. Es dient als Proof of Concept für die Meltdown-Hardware-Schwachstelle und ermöglicht das Lesen geschützten Kernel-Speichers auf betroffenen Prozessoren. Das Tool bietet Funktionen zur Identifizierung des geheimen Randomisierungs-Offsets der direkten physischen Abbildung, um Kernel-Speicher zu lokalisieren. Es beinhaltet zudem Funktionen zum Exportieren großer Segmente des physischen Speichers in das Hexdump-Format zur Wiederherstellung sensibler Strings und Passwörter. Das Projekt deckt die Speicheranalyse durch Kernel-Offset-Berechnung und das Leaken physischen Speichers ab. Es beinhaltet zudem die Fähigkeit, die Genauigkeit und Konsistenz von Daten zu messen, die aus dem physischen Speicher geleakt wurden, um die Zuverlässigkeit der Hardware-Schwachstelle zu verifizieren.
Exports large segments of physical memory into hexdump format for the recovery of strings and passwords.
MimiPenguin is a Linux memory credential extractor and password recovery tool designed to isolate and retrieve cleartext user login passwords from active process memory. It functions as a post-exploitation utility for extracting sensitive credentials from desktop user sessions during security assessments. The tool performs Linux memory forensics by analyzing system process memory to identify and isolate credentials. It is used for security penetration testing and evaluating risks associated with memory-based attacks, as well as testing for local privilege escalation. The system targets user-
Extracts sensitive credentials from active process memory using specialized loaders.
HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control system execution. By utilizing hypervisor-level primitives, it enables deep system analysis and instrumentation without relying on standard operating system debugging interfaces. The framework provides a comprehensive environment for inspecting both kernel and user-mode processes, allowing for granular control over execution flow and system state. The project distinguishes itself through a transparent debugging layer designed to remain invisible to the target environment. It emp
Transfers bytes between physical memory addresses for low-level data manipulation.
WinPwn is a Windows penetration testing framework and security toolkit designed for auditing Active Directory and exploiting Windows environments. It provides a collection of automated tools and scripts for domain enumeration, credential theft, and privilege escalation. The toolkit distinguishes itself through capabilities for neutralizing antimalware scanning interfaces to evade detection and providing offline binary packaging for execution on isolated systems without internet access. It also includes specialized utilities for intercepting and relaying SMB authentication traffic to gain unau
Retrieves passwords and hashes by scanning system memory and analyzing local storage files.
WinPwn is a Windows penetration testing framework designed for conducting internal security assessments and privilege escalation. It functions as a suite for Active Directory security auditing, credential extraction, and the execution of privilege escalation scripts. The toolset enables the automation of SMB relay attacks to intercept and reuse authentication hashes. It provides specialized capabilities for retrieving passwords and hashes from system memory, registries, and browsers using obfuscated techniques to avoid detection. The framework covers broad capability areas including domain a
Extracts authentication secrets and password hashes from system memory using obfuscated techniques.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Extracts credentials and sensitive data from active process memory using in-memory loaders.
Mimikatz is a Windows post-exploitation framework designed for extracting plaintext passwords, hashes, PIN codes, and security tokens from system memory and the registry. It functions as a credential extraction tool that targets the Local Security Authority Subsystem Service to retrieve cached credentials and sensitive account data. The project provides specialized capabilities for Active Directory penetration testing, including the simulation of domain controllers to replicate directory secrets. It features a Kerberos ticket manipulator capable of exporting, injecting, and forging authentica
Reads process memory directly to extract sensitive credentials stored by the local security authority.