lsass
Credentials gathering tool automating remote procdump and parse of lsass process.
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
Dumping LSASS with a duplicated handle from custom LSA plugin
Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be bypassed—restoring cleartext credentials despite the protection appearing active. Requires SYSTEM-level access and targets VBS-based defenses.
A plugin for x64dbg that allows you to hook the Local Security Authority Subsystem Service process to extract all possible TLS keys (on handshake, import, export or generate) from the operating system using the SeDebugPrivilege escalation, to make malware analysis faster and easier.
CSE 4118 Cryptography and Security Lab