extracting-credentials-from-memory-dump
Community
Extract credentials from memory dumps for forensics.
Data & Analytics
#incident-response #mimikatz #memory-forensics #lsass #volatility3 #credential-extraction
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps investigators quickly extract credentials from memory dumps, including password hashes, Kerberos tickets, and authentication tokens, enabling rapid assessment of credential exposure in incidents.
Core Features & Use Cases
- Credential extraction from LSASS memory: NTLM hashes, Kerberos tickets, WDigest, and DPAPI master keys.
- SAM, LSA, and cached credentials: Local and cached account credentials from memory artifacts.
- Structured reporting: Generates a machine-readable JSON report and actionable remediation guidance.
Quick Start
Run the agent against a memory dump to generate a credential extraction report.
Dependency Matrix
Required Modules
- volatility3
- pypykatz
Components
- scripts
- references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: extracting-credentials-from-memory-dump
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#extracting-credentials-from-memory-dump
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.