/D3MPSEC

"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.

Primary LanguageC++MIT LicenseMIT

bandicam.2024-04-21.15-10-00-222.mp4

D3MPSEC using direct system calls and random procedures, prototypes names.

"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.

Usage

  1. Just open the project solution in visual studio and compile it. If you are facing any issue regarding assembler then right click on solution and go to build customization and make sure MASM is selected.
  2. This tool will only work on windows with major version (10.0).
  3. This will only work when PPL protection is disabled.
  4. Use tools like mimikatz or pypykatz to read the hashes from dumped file.

Commands for offline dumping.

  1. Mimikatz

    sekurlsa::minidump [filename] sekurlsa::logonpasswords

  2. Pypykatz

    pypykatz lsa minidump [filename]

This repository is only for educational purposes.