{"id":32292,"date":"2024-03-13T06:00:29","date_gmt":"2024-03-13T06:00:29","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=32292"},"modified":"2024-03-13T06:00:30","modified_gmt":"2024-03-13T06:00:30","slug":"backupcreds","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/backupcreds\/","title":{"rendered":"BackupCreds &#8211; Mastering Credential Dumping In Windows"},"content":{"rendered":"\n<p>BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of stored credentials in Windows environments. <\/p>\n\n\n\n<p>This article delves into the intricate process of leveraging elevated shells for credential extraction, offering a step-by-step guide on accessing and manipulating the Windows Credential Manager. <\/p>\n\n\n\n<p>Discover how BackupCreds transforms security testing and vulnerability assessments with its innovative approach.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>________________________________________________\r\n|      _____________________________           |\r\n| &#91;]&#91;] _____________________________ &#91;_]&#91;_]&#91;_] |\r\n| &#91;]&#91;] &#91;_]&#91;_]&#91;_] &#91;_]&#91;_]&#91;_]&#91;_] &#91;_]&#91;_] &#91;_]&#91;_]&#91;_] |\r\n|            Dump all the Creds!               
|\r\n| &#91;]&#91;] &#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;_] &#91;]&#91;]&#91;]&#91;]  |\r\n| &#91;]&#91;] &#91;_]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;] &#91;]&#91;]&#91;]&#91;]  |\r\n| &#91;]&#91;] &#91;__]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;_] &#91;]&#91;]&#91;]&#91;]  |\r\n| &#91;]&#91;] &#91;___]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;]&#91;__] &#91;__]&#91;]&#91;]  |\r\n|          &#91;_]&#91;______________]&#91;_]              |\r\n|          Lefteris (lefty) Panos              |\r\n|______________________________________________|<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Abusing SeTrustedCredmanAccessPrivilege To Dump User Creds<\/strong><a href=\"https:\/\/github.com\/leftp\/BackupCreds#abusing-setrustedcredmanaccessprivilege-to-dump-user-creds\"><\/a><\/h2>\n\n\n\n<p>The program provides the ability to dump the stored credentials a user might have in the Windows Credential Manager.<\/p>\n\n\n\n<p>It is a useful technique in cases where an elevated shell exists and multiple users are currently logged in.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Steps<\/strong><a href=\"https:\/\/github.com\/leftp\/BackupCreds#steps\"><\/a><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Finds the WinLogon process belonging to the user whose creds we want to dump<\/li>\n\n\n\n<li>Opens that WinLogon process with PROCESS_QUERY_LIMITED_INFORMATION access<\/li>\n\n\n\n<li>Duplicates its token with TOKEN_DUPLICATE access<\/li>\n\n\n\n<li>Converts the duplicated token into an impersonation token<\/li>\n\n\n\n<li>Enables the SeTrustedCredmanAccessPrivilege privilege on that token<\/li>\n\n\n\n<li>Opens the target process of the user<\/li>\n\n\n\n<li>Steals the target user's token and impersonates that user<\/li>\n\n\n\n<li>Calls CredBackupCredentials while impersonating the WinLogon token, passing a path to write to and a NULL password so that the user encryption of the backup is disabled<\/li>\n\n\n\n<li>While still impersonating, opens the file and decrypts it using the CryptUnprotectData API<\/li>\n\n\n\n<li>Deletes the file<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Usage<\/strong><a href=\"https:\/\/github.com\/leftp\/BackupCreds#usage\"><\/a><\/h2>\n\n\n\n<p>backupcreds&nbsp;<code>[PID of target user]<\/code>&nbsp;<code>[path to save file]<\/code><\/p>\n\n\n\n<p>Must be run from an elevated context.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>OPSEC<\/strong><a href=\"https:\/\/github.com\/leftp\/BackupCreds#opsec\"><\/a><\/h2>\n\n\n\n<p>Currently writes the credential backup to disk at an operator-provided path and deletes that file once done. It also opens a handle to the WinLogon process, which is the footprint a defender would look for.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of stored credentials in Windows environments. This article delves into the intricate process of leveraging elevated shells for credential extraction, offering a step-by-step guide on accessing and manipulating the Windows Credential Manager.
Discover how BackupCreds transforms security testing and vulnerability assessments [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":32296,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20,22,45],"tags":[6608,737,6321,6052,6325],"class_list":["post-32292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-et","category-windows","tag-backupcreds","tag-cybersecurity","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BackupCreds - Mastering Credential Dumping In Windows<\/title>\n<meta name=\"description\" content=\"&quot;BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BackupCreds - Mastering Credential Dumping In Windows\" \/>\n<meta property=\"og:description\" content=\"&quot;BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of\" \/>\n<meta 
property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-13T06:00:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-13T06:00:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"BackupCreds &#8211; Mastering Credential Dumping In Windows\",\"datePublished\":\"2024-03-13T06:00:29+00:00\",\"dateModified\":\"2024-03-13T06:00:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\"},\"wordCount\":231,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp\",\"keywords\":[\"BackupCreds\",\"cybersecurity\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber security\",\"Exploitation Tools\",\"Windows\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/backupcreds\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\",\"name\":\"BackupCreds - Mastering Credential Dumping In 
Windows\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp\",\"datePublished\":\"2024-03-13T06:00:29+00:00\",\"dateModified\":\"2024-03-13T06:00:30+00:00\",\"description\":\"\\\"BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/backupcreds\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BackupCreds - Mastering Credential Dumping In Windows","description":"\"BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/backupcreds\/","og_locale":"en_US","og_type":"article","og_title":"BackupCreds - Mastering Credential Dumping In Windows","og_description":"\"BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping of","og_url":"https:\/\/kalilinuxtutorials.com\/backupcreds\/","og_site_name":"Kali Linux 
Tutorials","article_published_time":"2024-03-13T06:00:29+00:00","article_modified_time":"2024-03-13T06:00:30+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","type":"","width":"","height":""}],"author":"Varshini","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"Varshini","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/"},"author":{"name":"Varshini","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa"},"headline":"BackupCreds &#8211; Mastering Credential Dumping In 
Windows","datePublished":"2024-03-13T06:00:29+00:00","dateModified":"2024-03-13T06:00:30+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/"},"wordCount":231,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","keywords":["BackupCreds","cybersecurity","informationsecurity","kalilinux","kalilinuxtools"],"articleSection":["Cyber security","Exploitation Tools","Windows"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/backupcreds\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/","url":"https:\/\/kalilinuxtutorials.com\/backupcreds\/","name":"BackupCreds - Mastering Credential Dumping In Windows","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","datePublished":"2024-03-13T06:00:29+00:00","dateModified":"2024-03-13T06:00:30+00:00","description":"\"BackupCreds presents a groundbreaking method for security professionals to exploit SeTrustedCredmanAccessPrivilege, enabling the dumping 
of","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/backupcreds\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/backupcreds\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","width":"1600","height":"900"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux 
Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa","name":"Varshini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","caption":"Varshini"},"description":"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.","sameAs":["http:\/\/kalilinuxtutorials.com","https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/"],"url":"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjL_-OzeKX34i6yMA7xb_g8o60vNRVZ0x8wbMqpajjIcYpg6d1M6ju2X1mnTn8Ydj2wVM63JgKRy2a8fhMG3i4S2nyYBHcD2MDl91BXGZebvBRstWoBx8XkgHMO_wfVLirpVX2_dOh6UngN8e7FL-3tUFppMvRqyGAGS69giAvlGyB4VYYSpivj5sWlaYV_\/s16000\/Hackers%20Abuse%20Dropbox.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":12202,"url":"https:\/\/kalilinuxtutorials.com\/wdtoggle\/","url_meta":{"origin":32292,"position":0},"title":"WdToggle : Direct System Calls To Enable WDigest Credential Caching","author":"R K","date":"March 7, 2021","format":false,"excerpt":"WdToggle is a Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard (if enabled). 
What is this repository for? Demonstrate the usage of direct systems calls using inline-assembly to provide a more opsec safe way of interacting\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":29935,"url":"https:\/\/kalilinuxtutorials.com\/combine\/","url_meta":{"origin":32292,"position":1},"title":"Combine Tool &#8211; Bypass EDRs &#038; Secure Windows Credentials","author":"Varshini","date":"September 1, 2023","format":false,"excerpt":"By readapting the safetydump rust library (many thanks to the author!!!), I have been able to EASILY bypass all the countermeasures put in place by most EDRs, except Kaspersky EDR, and TrendMicro (new detection, from a couple hours ago) dbghelp!MiniDumpWriteDump with a custom callback could be used, until a year\u2026","rel":"","context":"In &quot;Hacking Tools&quot;","block_context":{"text":"Hacking Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/hacking-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfpYdI4QnsbOVxwNhhhX5A7q5jZE9nY6_h7PCYabZlgqhNnzNcChbk8Na8lDh7gdCCElWkTdVKUYKQxchvEw1fJX_u-e8LgJdF7vlDQPA_2hsVENOC7E5wG8BNTJW5kcd5w41ivH3q5c4mKPqxnuXYShz1zvV5yVKhMegIcStP03SRcEgKK0VSdNNJLw\/s1600\/combine%20%281%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfpYdI4QnsbOVxwNhhhX5A7q5jZE9nY6_h7PCYabZlgqhNnzNcChbk8Na8lDh7gdCCElWkTdVKUYKQxchvEw1fJX_u-e8LgJdF7vlDQPA_2hsVENOC7E5wG8BNTJW5kcd5w41ivH3q5c4mKPqxnuXYShz1zvV5yVKhMegIcStP03SRcEgKK0VSdNNJLw\/s1600\/combine%20%281%29.webp?resize=350%2C200&ssl=1 1x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfpYdI4QnsbOVxwNhhhX5A7q5jZE9nY6_h7PCYabZlgqhNnzNcChbk8Na8lDh7gdCCElWkTdVKUYKQxchvEw1fJX_u-e8LgJdF7vlDQPA_2hsVENOC7E5wG8BNTJW5kcd5w41ivH3q5c4mKPqxnuXYShz1zvV5yVKhMegIcStP03SRcEgKK0VSdNNJLw\/s1600\/combine%20%281%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfpYdI4QnsbOVxwNhhhX5A7q5jZE9nY6_h7PCYabZlgqhNnzNcChbk8Na8lDh7gdCCElWkTdVKUYKQxchvEw1fJX_u-e8LgJdF7vlDQPA_2hsVENOC7E5wG8BNTJW5kcd5w41ivH3q5c4mKPqxnuXYShz1zvV5yVKhMegIcStP03SRcEgKK0VSdNNJLw\/s1600\/combine%20%281%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfpYdI4QnsbOVxwNhhhX5A7q5jZE9nY6_h7PCYabZlgqhNnzNcChbk8Na8lDh7gdCCElWkTdVKUYKQxchvEw1fJX_u-e8LgJdF7vlDQPA_2hsVENOC7E5wG8BNTJW5kcd5w41ivH3q5c4mKPqxnuXYShz1zvV5yVKhMegIcStP03SRcEgKK0VSdNNJLw\/s1600\/combine%20%281%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfpYdI4QnsbOVxwNhhhX5A7q5jZE9nY6_h7PCYabZlgqhNnzNcChbk8Na8lDh7gdCCElWkTdVKUYKQxchvEw1fJX_u-e8LgJdF7vlDQPA_2hsVENOC7E5wG8BNTJW5kcd5w41ivH3q5c4mKPqxnuXYShz1zvV5yVKhMegIcStP03SRcEgKK0VSdNNJLw\/s1600\/combine%20%281%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":11230,"url":"https:\/\/kalilinuxtutorials.com\/chalumeau\/","url_meta":{"origin":32292,"position":2},"title":"Chalumeau : Automated, Extendable &#038; Customizable Credential Dumping Tool","author":"R K","date":"August 14, 2020","format":false,"excerpt":"Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. 
Main Features Write your own PayloadsIn-Memory executionExtract Password ListDashboard reporting \/ Web InterfaceParsing MimikatzDumping Tickets Known Issues Parsing Mimikatz dcsync (working on fix)Bypassing Antivirus and EDRs , you will need to maintain your payloads To Do Encrypted\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36663,"url":"https:\/\/kalilinuxtutorials.com\/blackbasta-chat\/","url_meta":{"origin":32292,"position":3},"title":"BlackBasta Chat : The Inner Workings Of A Notorious Ransomware Group","author":"Varshini","date":"February 24, 2025","format":false,"excerpt":"The recent leak of Black Basta\u2019s internal communications, spanning over 200,000 chat messages, has provided an unprecedented look into the operations and internal dynamics of this ransomware group. The leaked data, covering September 2023 to September 2024, reveals insights into their tools, tactics, and internal discord. 
Tools And Techniques Used\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/BlackBasta-Chat-.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/BlackBasta-Chat-.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/BlackBasta-Chat-.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/BlackBasta-Chat-.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/BlackBasta-Chat-.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/BlackBasta-Chat-.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5145,"url":"https:\/\/kalilinuxtutorials.com\/teleshadow3\/","url_meta":{"origin":32292,"position":4},"title":"TeleShadow3 : Telegram Desktop Session Stealer (Windows)","author":"R K","date":"May 27, 2019","format":false,"excerpt":"Teleshadow3 is a advanced Telegram desktop session hijacker for windows, you can download tool by clickin here. Set the email and sender details of the sender and recipient or use Telegram API! and send it to the victim after compiling. How do I use the session file? 
Just put tdata\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9765,"url":"https:\/\/kalilinuxtutorials.com\/pickl3\/","url_meta":{"origin":32292,"position":5},"title":"Pickl3 : Windows Active User Credential Phishing Tool","author":"R K","date":"March 18, 2020","format":false,"excerpt":"Pickl3 is a Windows active user credential phishing tool.You can execute the Pickl3 and phish the target user credential. Operational Usage - 1 Nowadays, since the operating system of many end users is Windows 10, we cannot easily steal account information with Mimikatz-like projects like the old days. Using Pickl3,\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/32292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=32292"}],"version-history":[{"count":2,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/32292\/revisions"}],"predecessor-version":[{"id":32295,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/32292\/revisions\/32295"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/32296"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=32292"}],"wp:term":[{"taxonomy":"category","
embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=32292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=32292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}