Blindsight is a red teaming tool designed to dump LSASS (Local Security Authority Subsystem Service) memory on Windows systems, bypassing basic countermeasures.
It utilizes the Transactional NTFS (TxF API) to transparently scramble the memory dump, which helps avoid triggering antivirus, endpoint detection and response (EDR), and extended detection and response (XDR) systems.
mingw-w64 and rustup. This allows developers to build the tool on non-Windows platforms..\blindsight.exe will dump the LSASS memory..\blindsight.exe <file_to_unscramble.log> will unscramble a previously dumped file.Blindsight has been tested on various Windows platforms, including Windows 10, Windows 11 (both x64 and ARM64), and Windows Server versions from 2016 to 2022.
The developers have outlined several future enhancements, including optimizing memory usage, encrypting strings locally, and implementing fileless exfiltration channels.
Blindsight is a powerful tool for red teaming exercises, providing a stealthy method to extract sensitive information from Windows systems.
Its ability to evade detection makes it a valuable asset for security testing and penetration testing scenarios. However, users should exercise caution and avoid testing it on production servers due to potential system instability risks.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…