Remotely Dumping Chrome Cookies
The method in this blog post does not require the remote debugger or Keychain (macOS)/DPAPI (Windows) access and applies to Chromium-based browsers in general
https://cedowens.medium.com/remotely-dumping-chrome-cookies-revisited-b25343257209
#chrome #cookie #dump #blog
🔐 Dumping LSASS with AV
Sometimes antivirus is an attacker's best friend. Here is how you can use Avast AV to dump LSASS memory.
Commands:
.\AvDump.exe --pid 704 --exception_ptr 0 --thread_id 0 --dump_level 1 --dump_file lsass.dmp
To bypass Microsoft Defender, remember to rename the AvDump.exe file. Also, don't use the name lsass.dmp (see screenshot). There's also a Metasploit post-exploitation module for this under
post/windows/gather/avast_memory_dump
AvDump.exe is located at C:\Program Files\Avast Software\Avast. You can also download AvDump.exe from this link.
VirusTotal Details:
https://www.virustotal.com/gui/file/52a57aca1d96aee6456d484a2e8459681f6a7a159dc31f62b38942884464f57b/details
#ad #evasion #lsass #dump #avast #redteam
🔑 Extracting Credentials from Chrome Memory
An excellent study on how Chrome's memory works and how credentials, cookies, etc. can be extracted from it in plain text with only low privileges.
https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory
#chrome #memory #dump #creds
😈 POSTDump
This is a C# / .NET implementation of the ReactOS minidump function (like nanodump), thus avoiding a call to the Windows API MiniDumpWriteDump function.
🚀 Key Features:
— Uses indirect syscalls along with the Halo's Gate technique to retrieve syscall IDs
— No memory allocation/protection call is performed for the indirect syscalls; instead, free RWX code caves found in the current process are used
— ETW patching
— No call to MiniDumpWriteDump
🌐 Source:
https://github.com/YOLOP0wn/POSTDump
#windows #lsass #dump #syscall #reactos
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Ой, красота))) Получить данные из LSA без дампа LSASS.
Tool: https://github.com/EvanMcBroom/lsa-whisperer
Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b
#redteam #pentest #creds #dump
🔑 Dumping LSA: a story about task decorrelation
Discover the art of bypassing EDRs by decorrelating attack tool behavior. This post explains the process of remote LSA secrets dumping and reveals techniques to retrieve a Windows computer's BOOTKEY without EDR detection.
🔗 Source:
https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/
#lsa #sam #dump #edr #bypass
🔑 PanGPA Extractor
Tool to extract the current user's username and password from PanGPA in plaintext on Windows. The Palo Alto Networks GlobalProtect client queries the GlobalProtect Service for your username and password every time you log on or refresh the connection.
🔗 Research:
https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
🔗 Source:
https://github.com/t3hbb/PanGP_Extractor
#paloalto #globalprotect #credentials #dump