Source Byte

Originally, a port of the Dirty Vanity project to fork and dump the LSASS process. Has been updated upon further research to attempt to duplicate open handles to LSASS.

If this fails (and it likely will), it will attempt to obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.

https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin

Abusing Windows Implementation of Fork() for Stealthy Memory Operations https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/ A POC for the new injection technique, abusing windows fork API to evade EDRs. A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417 https://github.com/deepinstinct/Dirty-Vanity

Multi-level Dropbox commands and TutorialRAT behind APT43 https://www-genians-co-kr.translate.goog/blog/threat_intelligence/dropbox?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

A set of tools for remote password dumping. https://github.com/Slowerzs/ThievingFox/ And the blog itself: https://blog.slowerzs.net/posts/thievingfox/

Redline Stealer: A Novel Approach https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/

MrUn1k0d3r-Offensive.Coding.(2024)

The Windows Registry Adventure #2: A brief history of the feature https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html