gsecdump

gsecdump is a publicly available credential dumper used to obtain password hashes and LSA secrets from Windows operating systems. [1]

ID: S0008
Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1003 | Credential Dumping | gsecdump can dump Windows password hashes and LSA secrets. [1]

Groups

Groups that use this software:

APT1
BRONZE BUTLER
Night Dragon
PittyTiger
Threat Group-3390

References