deepinstinct/LsassSilentProcessExit

Stars
396
Rank 108,801 (Top 3 %)
Language
C++
Created about 4 years ago
Updated over 1 year ago

deepinstinct/LsassSilentProcessExit

deepinstinct

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Command line interface to dump LSASS memory to disk via SilentProcessExit

LsassSilentProcessExit

New method of causing WerFault.exe to dump lsass.exe process memory to disk for credentials extraction via silent process exit mechanism without crasing lsass.exe.

Usage:
LsassSilentProcessExit.exe <PID of LSASS.exe> <DumpMode>

Where DumpMode can be:

  0 - Call RtlSilentProcessExit on LSASS process handle
  1 - Call CreateRemoteThread on RtlSilentProcessExit on LSASS

Dirty-Vanity

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

Lsass-Shtinkering

dsc_fix

Aids in reverse engineering libraries from dyld_shared_cache in IDA

AMSI-Unchained

Unchain AMSI by patching the provider’s unmonitored memory space

DeMotet

Unpacking and decryption tools for the Emotet malware

VSTO-POC

A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously

NSISExtractor

Extract the original ransomware binary from an NSIS installer

JAR-Polyglot-POC

A simple PoC of a polyglot HTML + JAR file.

RattyConfigExtractor

A python script that extracts the "command & control" server address from Ratty malware

Exceller

Replaces VBA cells function calls with their content, to make the VBA code less obfuscated and easier to detect by AV vendors.

Emotet-IOCs

Emotet IOCs of the new wave in 2023

Storm0978-RomCom-Campaign

Recent Campaign abusing CVE-2023-36884