#memory

MultiDump

Post-exploitation tool for dumping and extracting LSASS memory discreetly.

Donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies and PE files.

rekall

Rekall Memory Forensic Framework.

Linpmem

The Linux memory acquisition tool.

WinPmem

The Windows memory acquisition tool.

volatility

The volatile memory extraction framework.

unicorn

Simple tool for using a PowerShell downgrade attack and injecting shellcode into memory.

ScareCrow

Payload creation framework designed around EDR bypass.

mimikittenz

A post-exploitation PowerShell tool for extracting juicy info from memory.

Dumpert

LSASS memory dumper using direct system calls and API unhooking.