12 skills found
ricardojoserf / SAMDump: Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python
EncodeGroup / BOF RegSave: Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
Viralmaniar / HiveJack: This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump the SYSTEM, SECURITY and SAM hives and, once they are copied to the attacker machines, provides an option to delete these files to clear the trace.
Retr0-code / Hash Dumper: Windows NTLM hash dump utility written in C that supports Windows and Linux. Hashes can be dumped in real time or from already saved SAM and SYSTEM hives.
EncodeGroup / RegSave: A .NET implementation to dump SAM / SECURITY / SYSTEM registry hives
paragonsec / HiveNightmare Checker: A PowerShell script that checks for dangerous ACLs on system hives and shadows
Viralmaniar / Reg Hives: This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. Use it to copy SYSTEM, SECURITY and SAM hives and download them back to the attacker machines.
Darknetwave / CredAudit: Open-source Windows credential audit tool — extracts NTLM hashes from SAM/SYSTEM hives, cracks passwords using Hashcat, and tests password strength. Generates TXT, JSON, and HTML reports.
stark0de / Regsave: This tool is useful in case you want to evade the detection based on simple rules when trying to dump the SAM, SYSTEM or SECURITY hives using the typical reg.exe save command.
erberkan / Dump Hives BOF: Dump SAM, SYSTEM and SECURITY hives under C:\ drive.
spawn451 / RegVault Delphi: Dump SAM, SYSTEM, SECURITY registry hives from local/remote host
CobblePot59 / SamXporter: Extract Windows registry security hives (SAM, SYSTEM, and SECURITY)