Submit your favorite resources for free.

Submit
LogoHackDB
  • Recent
  • Pricing
  • Submit
LogoHackDB

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

LogoHackDB

The Ultimate Directory for Offensive Security

Resources
  • Recent
  • Category
  1. Home
  3. Items
  5. SILPH
icon of SILPH

SILPH

Stealthy In-Memory Local Password Harvester (SILPH) dumps LSA secrets, SAM hashes, and DCC2 credentials without writing to disk.

Visit WebsiteShare on X
image of SILPH
Visit Website

Introduction

Back

Information

  • Publisher
    Admin
  • Websitegithub.com
  • Created date12/18/2025
  • Published date12/18/2025

Categories

  • Red Team Operations

Tags

  • C2
  • Internal

More Resources

  • Tag
    • Listing
    • Pricing
    • FAQ
    • Submit
    Pages
    • Home
    • Support
    • Sitemap
    • llms.txt
    Company
    • About Us
    • Privacy Policy
    • Terms of Service
    Copyright © 2026 All Rights Reserved.
    image of IronPE
    Exploit DevelopmentInfrastructure SecurityRed Team Operations
    Visit Website

    IronPE

    Details

    Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

    Internal
    image of Lab401
    Wireless SecurityPhysical SecurityRed Team OperationsReverse Engineering
    Visit Website

    Lab401

    Details

    Premier hardware store for offensive security, providing Flipper Zero, Proxmark, Hak5 tools, SDR equipment, and specialized RFID cloning hardware.

    WirelessPhysicalInternal
    image of Swarmer
    Red Team OperationsInfrastructure Security
    Visit Website

    Swarmer

    Details

    Convert registry exports into NTUSER.MAN hive files to stealthily inject HKCU keys without admin rights, bypassing EDR/AV registry API monitoring.

    Internal

    SILPH: Stealthy In-Memory Local Password Harvester

    SILPH is a red team tool designed to dump LSA secrets, SAM hashes, and DCC2 credentials entirely in memory, without writing any files to disk. It's built for integration into the Orsted C2 framework and runs directly on a Windows host, avoiding the need for RPC service creation.

    Key features:

    • In-Memory Operation: Dumps credentials without writing files to disk, reducing the risk of detection.
    • Indirect Syscalls: Uses native NT calls resolved from ntdll via Superdeye for stealth.
    • Local Execution: Designed to run locally, avoiding network-based detections.
    • Integration with Orsted C2: Seamlessly integrates into the Orsted C2 framework.

    Use cases:

    • Red team operations requiring stealthy credential harvesting.
    • Situations where writing to disk is prohibited or risky.
    • Environments where RPC-based service creation is easily detected.