Blindsight is a red teaming tool designed to dump LSASS (Local Security Authority Subsystem Service) memory on Windows systems, bypassing basic countermeasures.
It utilizes the Transactional NTFS (TxF API) to transparently scramble the memory dump, which helps avoid triggering antivirus, endpoint detection and response (EDR), and extended detection and response (XDR) systems.
mingw-w64
and rustup
. This allows developers to build the tool on non-Windows platforms..\blindsight.exe
will dump the LSASS memory..\blindsight.exe <file_to_unscramble.log>
will unscramble a previously dumped file.Blindsight has been tested on various Windows platforms, including Windows 10, Windows 11 (both x64 and ARM64), and Windows Server versions from 2016 to 2022.
The developers have outlined several future enhancements, including optimizing memory usage, encrypting strings locally, and implementing fileless exfiltration channels.
Blindsight is a powerful tool for red teaming exercises, providing a stealthy method to extract sensitive information from Windows systems.
Its ability to evade detection makes it a valuable asset for security testing and penetration testing scenarios. However, users should exercise caution and avoid testing it on production servers due to potential system instability risks.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…