Skip to content

README.md

Latest commit

 

History

History
23 lines (16 loc) · 1017 Bytes

README.md

File metadata and controls

23 lines (16 loc) · 1017 Bytes
bandicam.2024-04-21.15-10-00-222.mp4

D3MPSEC using direct system calls and random procedures, prototypes names.

"D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation.

Usage

  1. Just open the project solution in visual studio and compile it. If you are facing any issue regarding assembler then right click on solution and go to build customization and make sure MASM is selected.
  2. This tool will only work on windows with major version (10.0).
  3. This will only work when PPL protection is disabled.
  4. Use tools like mimikatz or pypykatz to read the hashes from dumped file.

Commands for offline dumping.

  1. Mimikatz

    sekurlsa::minidump [filename] sekurlsa::logonpasswords

  2. Pypykatz

    pypykatz lsa minidump [filename]

Disclaimer

This repository is only for educational purposes.