{"id":20423,"date":"2021-11-22T16:16:29","date_gmt":"2021-11-22T16:16:29","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=20423"},"modified":"2021-11-22T16:16:30","modified_gmt":"2021-11-22T16:16:30","slug":"handlekatz","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/handlekatz\/","title":{"rendered":"HandleKatz : PIC Lsass Dumper Using Cloned Handles"},"content":{"rendered":"\n<p><strong>HandleKatz<\/strong> tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of&nbsp;<strong>cloned handles to Lsass<\/strong>&nbsp;in order to create an obfuscated memory dump of the same.<\/p>\n\n\n\n<p>It compiles down to an executable&nbsp;<strong>living fully in its text segment<\/strong>. Thus, the extracted .text segment of the PE file is fully position independent code (=PIC), meaning that it can be treated like any shellcode.<\/p>\n\n\n\n<p>The execution of HandleKatz in memory has a very small footprint, as itself does not allocate any more executable memory and can therefore efficiently be combined with concepts such as (Phantom)DLL-Hollowing as described by&nbsp;@_ForrestOrr. This is in contrast to PIC PE loaders, such as Donut, SRDI or Reflective Loaders which, during PE loading, allocate more executable memory. Additionally, it makes use of a modified version of ReactOS MiniDumpWriteDumpA using direct system calls to write an obfuscated dump to disk.<\/p>\n\n\n\n<p>For detailed information please refer to the PDF file&nbsp;<strong>PICYourMalware.pdf<\/strong>&nbsp;in this repository.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>make all<\/strong>&nbsp;to build HandleKatzPIC.exe, HandleKatz.bin and loader.exe<\/li><\/ul>\n\n\n\n<p><strong>Please note<\/strong>&nbsp;that different compiler (versions) yield different results. This might produce a PE file with relocations.<\/p>\n\n\n\n<p>All tests were carried out using&nbsp;<code><strong>x86_64-w64-mingw32-gcc mingw-gcc version 11.2.0 (GCC)<\/strong><\/code>. The produced PIC was successfully tested on: Windows 10 Pro 10.0.17763. On other versions of windows, API hashes might differ.<\/p>\n\n\n\n<p>To use the PIC, cast a pointer to the shellcode in executable memory and call it according to the definition:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>DWORD handleKatz(BOOL b_only_recon, char* ptr_output_path, uint32_t pid, char* ptr_buf_output);<\/strong>\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>b_only_recon<\/strong>&nbsp;If set, HandleKatz will only enumerate suitable handles without dumping<\/li><li><strong>ptr_output_path<\/strong>&nbsp;Determines where the obfuscated dump will be written to<\/li><li><strong>pid<\/strong>&nbsp;What PID to clone a handle from<\/li><li><strong>ptr_buf_output<\/strong>&nbsp;A char pointer to which HandleKatz writes its internal output<\/li><\/ul>\n\n\n\n<p>For deobfuscation of the dump file, the script&nbsp;<strong>Decoder.py<\/strong>&nbsp;can be used.<\/p>\n\n\n\n<p><strong>Loader<\/strong>&nbsp;implements a sample loader for HandleKatz:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>loader.exe &#8211;pid:7331 &#8211;outfile:C:\\Temp\\dump.obfuscated<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEilwBKv6Ob3eDjUPi3vbqmmegbYXYQm34nw_sXhM7H0gHFzpB-954SvW8krrOMBdU8FcrjQvnJScSw1smECX1yt326ENdffoTQhSn8zCpikWXnNEz3acTOS_ymRE8coa_htjof-Wiu7u3E7TQlNc5UljHnw2DGE1w4tZgre7Ls7H5om1PEscick9JVH=s699\" alt=\"\" \/><\/figure>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Detection<\/strong><\/p>\n\n\n\n<p>As cloned handles are used along with modified ReactOS code, no ProcessAccess events can be observed on Lsass. However, ProcessAccess events on programs which hold a handle to Lsass can be observed.<\/p>\n\n\n\n<p>Defenders can monitor for Process Access masks with set&nbsp;<strong>PROCESS_DUP_HANDLE (0x0040)<\/strong>&nbsp;to identify the usage of this tool.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/codewhitesec\/HandleKatz\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of&nbsp;cloned handles to Lsass&nbsp;in order to create an obfuscated memory dump of the same. It compiles down to an executable&nbsp;living fully in its text segment. Thus, the extracted .text segment of the PE file is fully position independent code (=PIC), [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":20429,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[4468,4465,4467,4466],"class_list":["post-20423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-cloned-handles","tag-handlekatz","tag-lsass-dumper","tag-pic"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HandleKatz : PIC Lsass Dumper Using Cloned Handles<\/title>\n<meta name=\"description\" content=\"HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of\u00a0cloned handles to Lsass\u00a0.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HandleKatz : PIC Lsass Dumper Using Cloned Handles\" \/>\n<meta property=\"og:description\" content=\"HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of\u00a0cloned handles to Lsass\u00a0.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-22T16:16:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-22T16:16:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"HandleKatz : PIC Lsass Dumper Using Cloned Handles\",\"datePublished\":\"2021-11-22T16:16:29+00:00\",\"dateModified\":\"2021-11-22T16:16:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\"},\"wordCount\":388,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728\",\"keywords\":[\"Cloned Handles\",\"HandleKatz\",\"Lsass Dumper\",\"PIC\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/handlekatz\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\",\"name\":\"HandleKatz : PIC Lsass Dumper Using Cloned Handles\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728\",\"datePublished\":\"2021-11-22T16:16:29+00:00\",\"dateModified\":\"2021-11-22T16:16:30+00:00\",\"description\":\"HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of\u00a0cloned handles to Lsass\u00a0.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/handlekatz\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HandleKatz : PIC Lsass Dumper Using Cloned Handles","description":"HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of\u00a0cloned handles to Lsass\u00a0.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/handlekatz\/","og_locale":"en_US","og_type":"article","og_title":"HandleKatz : PIC Lsass Dumper Using Cloned Handles","og_description":"HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of\u00a0cloned handles to Lsass\u00a0.","og_url":"https:\/\/kalilinuxtutorials.com\/handlekatz\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-11-22T16:16:29+00:00","article_modified_time":"2021-11-22T16:16:30+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"HandleKatz : PIC Lsass Dumper Using Cloned Handles","datePublished":"2021-11-22T16:16:29+00:00","dateModified":"2021-11-22T16:16:30+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/"},"wordCount":388,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","keywords":["Cloned Handles","HandleKatz","Lsass Dumper","PIC"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/handlekatz\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/","url":"https:\/\/kalilinuxtutorials.com\/handlekatz\/","name":"HandleKatz : PIC Lsass Dumper Using Cloned Handles","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","datePublished":"2021-11-22T16:16:29+00:00","dateModified":"2021-11-22T16:16:30+00:00","description":"HandleKatz tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of\u00a0cloned handles to Lsass\u00a0.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/handlekatz\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/handlekatz\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEi_no5Uqs-ICZ9HMik4ryvrHrO416lIdEg2e9pjLBezw7vzaIn6OlZJpOWP6bQ4rAVJGn9bn6ruvG0vDkjflgRM_jOZzWzh6rbnKRKqXhohfrgi2Rp90FH1xQaTPxPwIFXSo47zODau597MLhLcjBu70S5XV3fqp-_7rjja-VflEqENZgi7GHUmpHyR=s728","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":35389,"url":"https:\/\/kalilinuxtutorials.com\/go-lsass\/","url_meta":{"origin":20423,"position":0},"title":"go-lsass : Remote LSASS Memory Dumping via SMB","author":"Varshini","date":"December 6, 2024","format":false,"excerpt":"Package go-lsass is a tool built to dump the memory of the LSASS process remotely by uploading a local LSASS dumper, executing it as a service and then retrieve the dump file using SMB. It is built on top of the library go-smb and is designed to primarily work with\u2026","rel":"","context":"In &quot;Pentesting Tools&quot;","block_context":{"text":"Pentesting Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/penetration-testing-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjABeRDSMzS78kHoufR8U7YuqUOZThryJ0fVAh9q7RAC1zWmpxZpEmVB9uR6uCYIdqS92IKBBD4Zy1j1XZ3wxSDnu_dMlnOqCrSJRuZQV4H35N3Uerh2l8-nW0pZZa9BAokNBTgAWjKY6aIuo8dxiSR8Pv3rcPeD2NHMeX_NQQwAWwKV7lyXQhXrN3Y_3Fn\/s1600\/go-lsass.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjABeRDSMzS78kHoufR8U7YuqUOZThryJ0fVAh9q7RAC1zWmpxZpEmVB9uR6uCYIdqS92IKBBD4Zy1j1XZ3wxSDnu_dMlnOqCrSJRuZQV4H35N3Uerh2l8-nW0pZZa9BAokNBTgAWjKY6aIuo8dxiSR8Pv3rcPeD2NHMeX_NQQwAWwKV7lyXQhXrN3Y_3Fn\/s1600\/go-lsass.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjABeRDSMzS78kHoufR8U7YuqUOZThryJ0fVAh9q7RAC1zWmpxZpEmVB9uR6uCYIdqS92IKBBD4Zy1j1XZ3wxSDnu_dMlnOqCrSJRuZQV4H35N3Uerh2l8-nW0pZZa9BAokNBTgAWjKY6aIuo8dxiSR8Pv3rcPeD2NHMeX_NQQwAWwKV7lyXQhXrN3Y_3Fn\/s1600\/go-lsass.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjABeRDSMzS78kHoufR8U7YuqUOZThryJ0fVAh9q7RAC1zWmpxZpEmVB9uR6uCYIdqS92IKBBD4Zy1j1XZ3wxSDnu_dMlnOqCrSJRuZQV4H35N3Uerh2l8-nW0pZZa9BAokNBTgAWjKY6aIuo8dxiSR8Pv3rcPeD2NHMeX_NQQwAWwKV7lyXQhXrN3Y_3Fn\/s1600\/go-lsass.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjABeRDSMzS78kHoufR8U7YuqUOZThryJ0fVAh9q7RAC1zWmpxZpEmVB9uR6uCYIdqS92IKBBD4Zy1j1XZ3wxSDnu_dMlnOqCrSJRuZQV4H35N3Uerh2l8-nW0pZZa9BAokNBTgAWjKY6aIuo8dxiSR8Pv3rcPeD2NHMeX_NQQwAWwKV7lyXQhXrN3Y_3Fn\/s1600\/go-lsass.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjABeRDSMzS78kHoufR8U7YuqUOZThryJ0fVAh9q7RAC1zWmpxZpEmVB9uR6uCYIdqS92IKBBD4Zy1j1XZ3wxSDnu_dMlnOqCrSJRuZQV4H35N3Uerh2l8-nW0pZZa9BAokNBTgAWjKY6aIuo8dxiSR8Pv3rcPeD2NHMeX_NQQwAWwKV7lyXQhXrN3Y_3Fn\/s1600\/go-lsass.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":28923,"url":"https:\/\/kalilinuxtutorials.com\/shoggoth\/","url_meta":{"origin":20423,"position":1},"title":"Shoggoth &#8211; Asmjit Based Polymorphic Encryptor","author":"R K","date":"April 28, 2023","format":false,"excerpt":"Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is position-independent, it can be\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhNbU3WEbhIcgLAGlUfNml8edasQdKFLcKxCpMs1RUN7nmtc6i4vo1B5s4wXmsHmVsQizbb08SfcDyvL2CwzpiThJ42ilbz8S3Ub2dHI-z_zIgIt-XlAJ_SO035l6EtvxlIVwpbHQAo2i2jY20x6ixWGqA0Vxik5tqgJ537kNZzcs_efCyGVv3EPsPg\/s16000\/kali%20temp%20%282%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhNbU3WEbhIcgLAGlUfNml8edasQdKFLcKxCpMs1RUN7nmtc6i4vo1B5s4wXmsHmVsQizbb08SfcDyvL2CwzpiThJ42ilbz8S3Ub2dHI-z_zIgIt-XlAJ_SO035l6EtvxlIVwpbHQAo2i2jY20x6ixWGqA0Vxik5tqgJ537kNZzcs_efCyGVv3EPsPg\/s16000\/kali%20temp%20%282%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhNbU3WEbhIcgLAGlUfNml8edasQdKFLcKxCpMs1RUN7nmtc6i4vo1B5s4wXmsHmVsQizbb08SfcDyvL2CwzpiThJ42ilbz8S3Ub2dHI-z_zIgIt-XlAJ_SO035l6EtvxlIVwpbHQAo2i2jY20x6ixWGqA0Vxik5tqgJ537kNZzcs_efCyGVv3EPsPg\/s16000\/kali%20temp%20%282%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhNbU3WEbhIcgLAGlUfNml8edasQdKFLcKxCpMs1RUN7nmtc6i4vo1B5s4wXmsHmVsQizbb08SfcDyvL2CwzpiThJ42ilbz8S3Ub2dHI-z_zIgIt-XlAJ_SO035l6EtvxlIVwpbHQAo2i2jY20x6ixWGqA0Vxik5tqgJ537kNZzcs_efCyGVv3EPsPg\/s16000\/kali%20temp%20%282%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":31642,"url":"https:\/\/kalilinuxtutorials.com\/pplblade\/","url_meta":{"origin":20423,"position":2},"title":"PPLBlade: Advanced Memory Dumping and Obfuscation Tool","author":"Varshini","date":"August 20, 2025","format":false,"excerpt":"PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide the data using obfuscation, and transfer it to remote workstations without leaving files on disk. It is widely used for advanced security testing and memory analysis. Key Features of PPLBlade Bypass PPL protection \u2013 Works\u2026","rel":"","context":"In &quot;Exploitation Tools&quot;","block_context":{"text":"Exploitation Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/et\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjR4k9ONfvO1erJKuROEi-KFBm32GYDCMmoDAFy3WOXgYRza6Aa2jdzDH3lKrOAKfvwne6fbf2CfAhJU7gkXpIPyMmh0z4g-UCxjdPyChfC8FPR3FTjsRUhNn9-WsOY4_JXFnnp0ggTTCqS4aRiUdMMqwZ1tryVR49GeNAjThh_eSh2w607hVfATEvIew\/s16000\/PPLBlade.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjR4k9ONfvO1erJKuROEi-KFBm32GYDCMmoDAFy3WOXgYRza6Aa2jdzDH3lKrOAKfvwne6fbf2CfAhJU7gkXpIPyMmh0z4g-UCxjdPyChfC8FPR3FTjsRUhNn9-WsOY4_JXFnnp0ggTTCqS4aRiUdMMqwZ1tryVR49GeNAjThh_eSh2w607hVfATEvIew\/s16000\/PPLBlade.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjR4k9ONfvO1erJKuROEi-KFBm32GYDCMmoDAFy3WOXgYRza6Aa2jdzDH3lKrOAKfvwne6fbf2CfAhJU7gkXpIPyMmh0z4g-UCxjdPyChfC8FPR3FTjsRUhNn9-WsOY4_JXFnnp0ggTTCqS4aRiUdMMqwZ1tryVR49GeNAjThh_eSh2w607hVfATEvIew\/s16000\/PPLBlade.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjR4k9ONfvO1erJKuROEi-KFBm32GYDCMmoDAFy3WOXgYRza6Aa2jdzDH3lKrOAKfvwne6fbf2CfAhJU7gkXpIPyMmh0z4g-UCxjdPyChfC8FPR3FTjsRUhNn9-WsOY4_JXFnnp0ggTTCqS4aRiUdMMqwZ1tryVR49GeNAjThh_eSh2w607hVfATEvIew\/s16000\/PPLBlade.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":35248,"url":"https:\/\/kalilinuxtutorials.com\/shadowdumper\/","url_meta":{"origin":20423,"position":3},"title":"ShadowDumper &#8211; Advanced Techniques For LSASS Memory Extraction","author":"Varshini","date":"November 18, 2024","format":false,"excerpt":"Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service) memory, often needed in penetration testing and red teaming activities. It offers flexible options to users and uses multiple advanced techniques to dump memory, allowing to access sensitive data in LSASS memory. Capabilities Unhooked Injection\u2026","rel":"","context":"In &quot;Hacking Tools&quot;","block_context":{"text":"Hacking Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/hacking-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxq2jjmgvGfRH_nmitfjFwrfPqJeKGWMaRZUJRYN79JXU0cKq_OaM4EjbQ1zA3SONCL96Nxr3Y_r951_OpLmoUrMtdEQumiYFoeMll1a7fdtrdkMrv9JQY6OwA2MiWJqA8vQ9Ukn0HZ5ttd2P0i70BGJVdjLm0x5VHC0nhyphenhyphentYG6p25_qEX2vuxc_GlEQbt\/s1600\/ShadowDumper%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxq2jjmgvGfRH_nmitfjFwrfPqJeKGWMaRZUJRYN79JXU0cKq_OaM4EjbQ1zA3SONCL96Nxr3Y_r951_OpLmoUrMtdEQumiYFoeMll1a7fdtrdkMrv9JQY6OwA2MiWJqA8vQ9Ukn0HZ5ttd2P0i70BGJVdjLm0x5VHC0nhyphenhyphentYG6p25_qEX2vuxc_GlEQbt\/s1600\/ShadowDumper%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxq2jjmgvGfRH_nmitfjFwrfPqJeKGWMaRZUJRYN79JXU0cKq_OaM4EjbQ1zA3SONCL96Nxr3Y_r951_OpLmoUrMtdEQumiYFoeMll1a7fdtrdkMrv9JQY6OwA2MiWJqA8vQ9Ukn0HZ5ttd2P0i70BGJVdjLm0x5VHC0nhyphenhyphentYG6p25_qEX2vuxc_GlEQbt\/s1600\/ShadowDumper%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxq2jjmgvGfRH_nmitfjFwrfPqJeKGWMaRZUJRYN79JXU0cKq_OaM4EjbQ1zA3SONCL96Nxr3Y_r951_OpLmoUrMtdEQumiYFoeMll1a7fdtrdkMrv9JQY6OwA2MiWJqA8vQ9Ukn0HZ5ttd2P0i70BGJVdjLm0x5VHC0nhyphenhyphentYG6p25_qEX2vuxc_GlEQbt\/s1600\/ShadowDumper%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxq2jjmgvGfRH_nmitfjFwrfPqJeKGWMaRZUJRYN79JXU0cKq_OaM4EjbQ1zA3SONCL96Nxr3Y_r951_OpLmoUrMtdEQumiYFoeMll1a7fdtrdkMrv9JQY6OwA2MiWJqA8vQ9Ukn0HZ5ttd2P0i70BGJVdjLm0x5VHC0nhyphenhyphentYG6p25_qEX2vuxc_GlEQbt\/s1600\/ShadowDumper%20.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxq2jjmgvGfRH_nmitfjFwrfPqJeKGWMaRZUJRYN79JXU0cKq_OaM4EjbQ1zA3SONCL96Nxr3Y_r951_OpLmoUrMtdEQumiYFoeMll1a7fdtrdkMrv9JQY6OwA2MiWJqA8vQ9Ukn0HZ5ttd2P0i70BGJVdjLm0x5VHC0nhyphenhyphentYG6p25_qEX2vuxc_GlEQbt\/s1600\/ShadowDumper%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":25265,"url":"https:\/\/kalilinuxtutorials.com\/nanodump\/","url_meta":{"origin":20423,"position":4},"title":"Nanodump : A Crappy LSASS Dumper With No ASCII Art","author":"R K","date":"June 19, 2022","format":false,"excerpt":"Nanodump, a flexible tool that creates a minidump of the LSASS process. Features It uses syscalls (with\u00a0SysWhispers2) for most operations.Syscalls are called from an\u00a0ntdll\u00a0address to bypass some syscall detections.It sets the syscall callback hook to NULL.Windows APIs are called using dynamic invoke.You can choose to download the dump without touching\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiENqdJgkaKOZyrSip4JpvgCc11J3ltKXyqXatcgV-lb51ne0HFzgDv7Arz615o2IjKIMAXAuV2GOG6IdOAf8UTyaxGLe0ZKuM5f_XmPf-elci0irrjb-VYujcBVv5SWimshUFrU5cmJ8jfiBnMiiNhcdz97Zt4R7-8m5ayuax3zY320-yLsBH2F_3m\/s728\/nanodump-a-crappy-lsass-dumper-with-no-ascii-art.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiENqdJgkaKOZyrSip4JpvgCc11J3ltKXyqXatcgV-lb51ne0HFzgDv7Arz615o2IjKIMAXAuV2GOG6IdOAf8UTyaxGLe0ZKuM5f_XmPf-elci0irrjb-VYujcBVv5SWimshUFrU5cmJ8jfiBnMiiNhcdz97Zt4R7-8m5ayuax3zY320-yLsBH2F_3m\/s728\/nanodump-a-crappy-lsass-dumper-with-no-ascii-art.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiENqdJgkaKOZyrSip4JpvgCc11J3ltKXyqXatcgV-lb51ne0HFzgDv7Arz615o2IjKIMAXAuV2GOG6IdOAf8UTyaxGLe0ZKuM5f_XmPf-elci0irrjb-VYujcBVv5SWimshUFrU5cmJ8jfiBnMiiNhcdz97Zt4R7-8m5ayuax3zY320-yLsBH2F_3m\/s728\/nanodump-a-crappy-lsass-dumper-with-no-ascii-art.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiENqdJgkaKOZyrSip4JpvgCc11J3ltKXyqXatcgV-lb51ne0HFzgDv7Arz615o2IjKIMAXAuV2GOG6IdOAf8UTyaxGLe0ZKuM5f_XmPf-elci0irrjb-VYujcBVv5SWimshUFrU5cmJ8jfiBnMiiNhcdz97Zt4R7-8m5ayuax3zY320-yLsBH2F_3m\/s728\/nanodump-a-crappy-lsass-dumper-with-no-ascii-art.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":28274,"url":"https:\/\/kalilinuxtutorials.com\/aceldr\/","url_meta":{"origin":20423,"position":5},"title":"AceLdr : Cobalt Strike UDRL For Memory Scanner Evasion","author":"R K","date":"February 10, 2023","format":false,"excerpt":"AceLdr is a position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features Easy to Use Import a single CNA script before generating shellcode. Dynamic Memory Encryption Creates a new heap for any allocations from Beacon and encrypts entries before sleep. Code\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMPj5IS9l-hvw893lmHFLnWE9oZ2kW5Sjx73Xvf_C2T86fOO6AAP46Wkh4QOAg8EtD-f01aLlEGsfbBRgPljMqjC73JGtFFZv_eY9TPI3o5ViIMlNUEGjXKZikhYibF0dC6oSSh0-2GVUfUiN17U8Ef505OVeCNIWvgkb1G1nT-o1wQYZqQHF8ZfNp\/s1080\/AceLdr.gif?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMPj5IS9l-hvw893lmHFLnWE9oZ2kW5Sjx73Xvf_C2T86fOO6AAP46Wkh4QOAg8EtD-f01aLlEGsfbBRgPljMqjC73JGtFFZv_eY9TPI3o5ViIMlNUEGjXKZikhYibF0dC6oSSh0-2GVUfUiN17U8Ef505OVeCNIWvgkb1G1nT-o1wQYZqQHF8ZfNp\/s1080\/AceLdr.gif?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMPj5IS9l-hvw893lmHFLnWE9oZ2kW5Sjx73Xvf_C2T86fOO6AAP46Wkh4QOAg8EtD-f01aLlEGsfbBRgPljMqjC73JGtFFZv_eY9TPI3o5ViIMlNUEGjXKZikhYibF0dC6oSSh0-2GVUfUiN17U8Ef505OVeCNIWvgkb1G1nT-o1wQYZqQHF8ZfNp\/s1080\/AceLdr.gif?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMPj5IS9l-hvw893lmHFLnWE9oZ2kW5Sjx73Xvf_C2T86fOO6AAP46Wkh4QOAg8EtD-f01aLlEGsfbBRgPljMqjC73JGtFFZv_eY9TPI3o5ViIMlNUEGjXKZikhYibF0dC6oSSh0-2GVUfUiN17U8Ef505OVeCNIWvgkb1G1nT-o1wQYZqQHF8ZfNp\/s1080\/AceLdr.gif?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMPj5IS9l-hvw893lmHFLnWE9oZ2kW5Sjx73Xvf_C2T86fOO6AAP46Wkh4QOAg8EtD-f01aLlEGsfbBRgPljMqjC73JGtFFZv_eY9TPI3o5ViIMlNUEGjXKZikhYibF0dC6oSSh0-2GVUfUiN17U8Ef505OVeCNIWvgkb1G1nT-o1wQYZqQHF8ZfNp\/s1080\/AceLdr.gif?resize=1050%2C600&ssl=1 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/20423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=20423"}],"version-history":[{"count":6,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/20423\/revisions"}],"predecessor-version":[{"id":20603,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/20423\/revisions\/20603"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/20429"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=20423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=20423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=20423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}