Blindsight is a red teaming tool designed to dump LSASS (Local Security Authority Subsystem Service) memory on Windows systems, bypassing basic countermeasures.
It utilizes the Transactional NTFS (TxF API) to transparently scramble the memory dump, which helps avoid triggering antivirus, endpoint detection and response (EDR), and extended detection and response (XDR) systems.
mingw-w64
and rustup
. This allows developers to build the tool on non-Windows platforms..\blindsight.exe
will dump the LSASS memory..\blindsight.exe <file_to_unscramble.log>
will unscramble a previously dumped file.Blindsight has been tested on various Windows platforms, including Windows 10, Windows 11 (both x64 and ARM64), and Windows Server versions from 2016 to 2022.
The developers have outlined several future enhancements, including optimizing memory usage, encrypting strings locally, and implementing fileless exfiltration channels.
Blindsight is a powerful tool for red teaming exercises, providing a stealthy method to extract sensitive information from Windows systems.
Its ability to evade detection makes it a valuable asset for security testing and penetration testing scenarios. However, users should exercise caution and avoid testing it on production servers due to potential system instability risks.
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…