{"id":10545,"date":"2020-05-12T09:18:49","date_gmt":"2020-05-12T03:48:49","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=10545"},"modified":"2020-05-12T09:18:49","modified_gmt":"2020-05-12T03:48:49","slug":"hivejack","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/hivejack\/","title":{"rendered":"HiveJack : Internal Penetration Testing To Dump Windows Credentials"},"content":{"rendered":"\n<p><strong>HiveJack<\/strong> is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump the SYSTEM, SECURITY and SAM registry hives and, once they are copied to the attacker&#8217;s machine, provides an option to delete these files to clear the trace.<\/p>\n\n\n\n<p>Often, this is a repetitive process: once an attacker gets system-level access on the compromised host, dumping hive values is the next step. Time is very valuable when it comes to internal penetration testing. <strong>HiveJack<\/strong> will save you plenty of time when it comes to dumping and deleting the files. 
You&#8217;ll never have to remember the command to perform the actions.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-WJQh-hI8je4\/XrVtnzFcaeI\/AAAAAAAAGP4\/NyYRubcMx_M1GUBpTDrMwCHqgJkHGMcMwCLcBGAsYHQ\/s1600\/HiveJack.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Files dumped in the <em>c:\\temp\\<\/em> folder of the compromised host:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-0hBcUkyOIKY\/XrVtp0XhHkI\/AAAAAAAAGQE\/b7649L2yhw06vCDBLgZzA69ZzIuiN-XtQCLcBGAsYHQ\/s1600\/HiveJack-1.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Files are successfully deleted from the compromised host upon clicking on the <strong>Delete Hives<\/strong> button:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-HoQPnn6rJaU\/XrVtpE-1KdI\/AAAAAAAAGP8\/LH2zo7Z39GIbDPZUK2M56oFYtdqXVY8iACLcBGAsYHQ\/s1600\/HiveJack-2.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Any suggestions or ideas for this tool are welcome &#8211; just tweet me on <a href=\"https:\/\/twitter.com\/maniarviral\">@ManiarViral<\/a><\/p>\n\n\n\n<p>A hive is a logical group of keys, subkeys, and values in the registry that has a set of supporting files loaded into memory when the operating system is started or a user logs in.<\/p>\n\n\n\n<p>Registry files have the following two formats:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Standard format: Supported from Windows 2000, and also supported in later versions of Windows for backward compatibility<\/li><li>Latest format: Supported starting with Windows XP<\/li><\/ul>\n\n\n\n<p><strong>HKEY_CURRENT_USER, 
HKEY_LOCAL_MACHINE\\SAM, HKEY_LOCAL_MACHINE\\Security, and HKEY_USERS\\.DEFAULT;<\/strong> all other hives use the latest format.<\/p>\n\n\n\n<p>During an internal penetration test, the attacker often wants to perform lateral movement from one host to another. To move from one host to another, the attacker often requires account credentials. Using <strong>HiveJack<\/strong>, the attacker would be able to gather credentials via system hives.<\/p>\n\n\n\n<p><strong>HiveJack<\/strong> is useful once the attacker has successfully gained local admin or system privileges on one of the compromised hosts. To gain further access within the network, the attacker can use registry hives. Dumping these hives would allow an attacker to capture system users&#8217; password hashes.&nbsp;<\/p>\n\n\n\n<p>Upon dumping the registry hives and pulling them onto the attacking box, one can use a tool such as <strong>secretsdump<\/strong>, available here: <a href=\"https:\/\/github.com\/SecureAuthCorp\/impacket\/blob\/master\/examples\/secretsdump.py\">https:\/\/github.com\/SecureAuthCorp\/impacket\/blob\/master\/examples\/secretsdump.py<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-nh17ZWgt51Y\/XrVtpgl8R4I\/AAAAAAAAGQA\/tq8YXlL_jXkkKZgOL1QpZOhT9eVgm3paQCLcBGAsYHQ\/s1600\/HiveJack-3.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Once the password hashes are obtained, it opens the door to a variety of attacks such as pass-the-hash, spraying or password cracking to perform lateral movement within the network.<\/p>\n\n\n\n<p>When hive files are copied to the attacking machine, it is good practice to delete the files from the <em>temp<\/em> folder to avoid leaking sensitive files or to clean up the traces.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Quick Tip<\/strong><\/p>\n\n\n\n<p>It is a good practice to check the <em>C:\\Windows\\repair\\<\/em> location to obtain the SAM and 
SYSTEM files to avoid detection from EDR solutions. However, this directory contains outdated copies of the original <em>C:\\Windows\\System32\\config\\<\/em> files, so it might not reflect the current users&#8217; credentials. Still, if the passwords are cracked, it may be useful to know any password patterns such as <strong>Winter2020<\/strong> or <strong>Summer2020<\/strong>.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>How do I use this?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Method 1:<\/strong> Use the HiveJack.exe file from the release section (<a href=\"https:\/\/github.com\/Viralmaniar\/HiveJack\/releases\/download\/v1.0\/HiveJack.exe\">https:\/\/github.com\/Viralmaniar\/HiveJack\/releases\/download\/v1.0\/HiveJack.exe<\/a>) and run it on the compromised host. The hives will be stored in the <em>c:\\temp\\<\/em> folder.<\/li><li><strong>Method 2:<\/strong> Open the solution using <strong>Visual Studio<\/strong> and look at the code to build the solution.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-luminous-vivid-amber-background-color\"><strong>Note:<\/strong> Please make sure you have a <em>temp<\/em> folder in the &#8216;C:&#8217; drive of the compromised host before dumping the registry hives.<\/p>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/Viralmaniar\/HiveJack\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host. 
It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace. Often, this is a repetitive process, [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16295,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","fifu_image_alt":"HiveJack : Internal Penetration Testing To Dump Windows Credentials","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[1521,2464,3714,3719],"class_list":["post-10545","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-hivejack","tag-penetration","tag-windows","tag-windows-credentials"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HiveJack : Internal Penetration Testing To Dump Windows Credentials<\/title>\n<meta name=\"description\" content=\"HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/hivejack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HiveJack : Internal Penetration Testing To Dump Windows Credentials\" \/>\n<meta property=\"og:description\" content=\"HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/kalilinuxtutorials.com\/hivejack\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-12T03:48:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"HiveJack : Internal Penetration Testing To Dump Windows 
Credentials\",\"datePublished\":\"2020-05-12T03:48:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/\"},\"wordCount\":597,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png\",\"keywords\":[\"HiveJack\",\"Penetration\",\"windows\",\"Windows Credentials\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/\",\"name\":\"HiveJack : Internal Penetration Testing To Dump Windows Credentials\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png\",\"datePublished\":\"2020-05-12T03:48:49+00:00\",\"description\":\"HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised 
host.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/hivejack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux 
Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HiveJack : Internal Penetration Testing To Dump Windows Credentials","description":"HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/hivejack\/","og_locale":"en_US","og_type":"article","og_title":"HiveJack : Internal Penetration Testing To Dump Windows Credentials","og_description":"HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host.","og_url":"https:\/\/kalilinuxtutorials.com\/hivejack\/","og_site_name":"Kali Linux 
Tutorials","article_published_time":"2020-05-12T03:48:49+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"HiveJack : Internal Penetration Testing To Dump Windows Credentials","datePublished":"2020-05-12T03:48:49+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/"},"wordCount":597,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","keywords":["HiveJack","Penetration","windows","Windows Credentials"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/","url":"https:\/\/kalilinuxtutorials.com\/hivejack\/","name":"HiveJack : Internal Penetration Testing To Dump Windows 
Credentials","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","datePublished":"2020-05-12T03:48:49+00:00","description":"HiveJack is a tool that can be used during internal penetration testing to dump Windows credentials from an already-compromised host.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/hivejack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/hivejack\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux 
Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/--slK97fFmeQ\/XrVuQV4O83I\/AAAAAAAAGQY\/btfXmUx8AZkjBVMg_u5_jsX1MJrhHelkwCLcBGAsYHQ\/s1600\/HiveJack%25281%2529.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/10545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=10545"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/10545\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16295"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=10545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=10545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=10545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}