Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
-
Updated
Jul 27, 2022 - C#
#
credential-theft
Here are 14 public repositories matching this topic...
-
Updated
Feb 9, 2020 - PowerShell
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
nodejs npm security sarif devsecops vulnerability-scanner malware-detection credential-theft github-actions open-source-security supply-chain-security sarif-report package-security shai-hulud shai-hulud-detector shai-hulud-attack shai-hulud2-detector shai-hulud2 shai-hulud2-inspector sha1-hulud
-
Updated
May 27, 2026 - TypeScript
This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation.
-
Updated
Mar 20, 2026
Android overlay attack & SMS OTP stealer PoC using AccessibilityService — security research only
android kotlin education proof-of-concept malware-analysis android-security mobile-security banking-trojan accessibility-service security-research credential-theft overlay-attack sms-interception otp-stealer
-
Updated
Feb 10, 2026 - Kotlin
The strace for npm packages. Runtime dependency behavior monitor for Node.js — catches supply-chain attacks that static analysis misses. Zero dependencies. SARIF output. GitHub Action. CI/CD pipeline guard.
nodejs npm security supply-chain owasp ci-cd postinstall sarif devsecops threat-intelligence dependency-monitoring malware-detection runtime-monitoring credential-theft npm-audit github-actions zero-dependencies supply-chain-security backdoor-detection wall-of-shame
-
Updated
May 27, 2026 - JavaScript
Forensic dataset + live dashboard for the 2026-04-29 'A Mini Shai-Hulud has Appeared' npm supply-chain worm by TeamPCP. 1,117 dropbox repos, 22 compromised accounts, 47 IOCs across 14 kinds. Trojaned: @cap-js, mbt, @bitwarden/cli. C2 attribution to AS209101 IP Vendetta Inc. JSONL data · kinetic dashboard · CC-BY-4.0.
ioc incident-response dataset cybersecurity threat-hunting malware-analysis forensic-analysis threat-intelligence bitwarden indicators-of-compromise jsonl credential-theft supply-chain-security cap-js sap-security shai-hulud npm-worm teampcp mini-shai-hulud npm-supply-chain-attack
-
Updated
Apr 29, 2026 - Shell
A DLL injection of RdpThief.dll to perform API hooking and extract RDP credentials
-
Updated
Jun 4, 2024 - C++
Analysis, IOCs, detection rules, and removal scripts for the ChatGPT Plus Free Trial cross-platform info-stealer (macOS + Windows)
ioc reverse-engineering cybersecurity malware-analysis yara-rules threat-intelligence security-research malware-removal mitre-attack credential-theft deno windows-malware clickfix sigma-rules info-stealer chatgpt-scam macos-malware amos-stealer
-
Updated
May 24, 2026 - YARA
Retrieve user credentials via the Windows API and save them to a file.
grabber windows-api stealer credential-theft cookie-logger cryptowallet stealer-builder grabber-password crypto-stealer windows-credentials credential-harvesting credentials-stealer credentials-grabber
-
Updated
May 27, 2026 - C++
This case study documents a stealthy credential-harvesting technique in which the attacker used a lightweight binary (browserdump.exe) to extract stored credentials from browser cache files—specifically Chrome and Edge—without elevating privileges or triggering persistence indicators.
-
Updated
May 12, 2025 - Jupyter Notebook
🛡️ SkillsSafe: A security scanner for SKILL.md, MCP configs, and system prompts to detect exfiltration, shell injection, and hidden threats.”
-
Updated
Mar 13, 2026 - TypeScript
AD (Active Directory) Service Account Manager is an enterprise-grade PowerShell framework that codifies identity lifecycle management and eliminates identity debt within Active Directory. It transitions organizations away from fragmented, manual service account management into a structured, audited, and automated governance model.
ad active-directory kerberos hardening msa shadow-admin service-account kerberos-authentication credential-theft kerberoasting sidhistory gmsa acl-audit as-rep-roasting adminsdholder
-
Updated
Mar 2, 2026 - PowerShell
🛡️ Guard your projects against the Shai-Hulud 2.0 npm supply chain attack with our secure detection tool for safer development.
nodejs npm security sarif devsecops vulnerability-scanner malware-detection credential-theft open-source-security supply-chain-security sarif-report package-security shai-hulud shai-hulud-attack shai-hulud2-detector shai-hulud2 shai-hulud2-inspector sha1-hulud
-
Updated
May 27, 2026 - TypeScript
Improve this page
Add a description, image, and links to the credential-theft topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the credential-theft topic, visit your repo's landing page and select "manage topics."