
"D3MPSEC" is a memory dumping tool designed to extract a memory dump from the LSASS process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both the static and dynamic analysis techniques commonly employed by security products.

Offensive-Panda/D3MPSEC

D3MPSEC: direct system calls with randomized procedure and prototype names.

"D3MPSEC" is a memory dumping tool designed to extract a memory dump from the LSASS process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation.

Usage

  1. Open the project solution in Visual Studio and compile it. If you run into an assembler-related issue, right-click the solution, go to Build Customizations, and make sure MASM is selected.
  2. This tool only works on Windows with major version 10.0.
  3. It only works when PPL protection is disabled.
  4. Use tools like mimikatz or pypykatz to read the hashes from the dumped file.

Commands for offline dumping.

  1. Mimikatz

    sekurlsa::minidump [filename]
    sekurlsa::logonpasswords

  2. Pypykatz

    pypykatz lsa minidump [filename]

Disclaimer

This repository is only for educational purposes.
