Register to stream ATT&CKcon 2.0 October 29-30


LaZagne is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows systems. LaZagne is publicly available on GitHub.[1]

ID: S0349
Type: TOOL
Platforms: Linux, macOS, Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1003 Credential Dumping LaZagne can perform credential dumping to obtain account and password information. [1]
Enterprise T1081 Credentials in Files LaZagne can obtain credentials from browsers, chats, databases, mail, and WiFi. [1]

Groups That Use This Software

ID Name References
G0077 Leafminer [2]
G0049 OilRig [3]
G0022 APT3 [4]
G0069 MuddyWater [5]
G0064 APT33 [6]