The swiss army knife of LSASS dumping

Credentials gathering tool automating remote procdump and parse of lsass process.

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory

Windows NTLM Authentication Backdoor

Dumping LSASS with a duplicated handle from custom LSA plugin

Enabled / Disable LSA Protection via BYOVD

Dumping Windows Local Credentials Tools/Tricks

Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already saved SAM and SYSTEM hives.

Windows Hardening Powershell Scripts

A lsass dump tool using MiniDumpWriteDump & syscall(NtOpenProcess) technique. only tested on windows 11 with defender enabled:-)

Shellcode for creating a minidump file of the lsass.exe process.

A bootkit to bypass Windows login (WIP)

A plugin for x64dbg that allows you to hook the Local Security Authority Subsystem Service process to extract all possible TLS(On handshake, Import, Export or Generate) keys from the operating system using the SeDebugPrivilege escalation to make malware analysis faster and easier.

By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be bypassed—restoring cleartext credentials despite the protection appearing active. Requires SYSTEM-level access and targets VBS-based defenses.

CSE 4118 Cryptography and Security Lab

Dump Hashes From lsass

Dump lsass with windows client and extract creds with pypykatz

LSASSExtractor is a lightweight tool designed to capture memory dumps of the LSASS process on Windows systems. By leveraging the Windows API, it locates the target process and creates a memory dump, which can be analyzed to extract sensitive information such as passwords, encryption keys, and authentication tokens.