SILPH: Stealthy In-Memory Local Password Harvester
SILPH is a red team tool designed to dump LSA secrets, SAM hashes, and DCC2 credentials entirely in memory, without writing any files to disk. It's built for integration into the Orsted C2 framework and runs directly on a Windows host, avoiding the need for RPC service creation.
Key features:
- In-Memory Operation: Dumps credentials without writing files to disk, reducing the risk of detection.
- Indirect Syscalls: Uses native NT calls resolved from ntdll via Superdeye for stealth.
- Local Execution: Designed to run locally, avoiding network-based detections.
- Integration with Orsted C2: Seamlessly integrates into the Orsted C2 framework.
Use cases:
- Red team operations requiring stealthy credential harvesting.
- Situations where writing to disk is prohibited or risky.
- Environments where RPC-based service creation is easily detected.
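For defenders, a sketch of what can still be observed when no hive file is written and no service is created. This is an added example, not code from SILPH or Orsted. It assumes the SAM, LSA secret and DCC2 material is read from the SAM and SECURITY registry hives and that object-access auditing (Security event 4663) is enabled on those keys; the events, image names, PIDs and the lsass-only allowlist are constructed for illustration.

```python
# Event 4663 ObjectName prefixes for the stores named above (assumption: the
# material is read from these registry keys and a SACL audits reads on them).
SENSITIVE_KEYS = {
    "SAM hashes": r"\REGISTRY\MACHINE\SAM\SAM\Domains\Account\Users",
    "LSA secrets": r"\REGISTRY\MACHINE\SECURITY\Policy\Secrets",
    "DCC2 cache": r"\REGISTRY\MACHINE\SECURITY\Cache",
}
# Assumption: lsass.exe is the only expected reader on this host.
EXPECTED_READERS = {r"c:\windows\system32\lsass.exe"}

def classify(object_name):
    """Map a 4663 ObjectName to the credential store it belongs to, or None."""
    name = object_name.lower()
    for label, prefix in SENSITIVE_KEYS.items():
        p = prefix.lower()
        if name == p or name.startswith(p + "\\"):
            return label
    return None

def find_unexpected_readers(events):
    """Group sensitive-key reads by (pid, image) for non-allowlisted processes."""
    hits = {}
    for ev in events:
        label = classify(ev.get("ObjectName", ""))
        image = ev.get("ProcessName", "")
        if ev.get("EventID") != 4663 or label is None or image.lower() in EXPECTED_READERS:
            continue
        hits.setdefault((ev["ProcessId"], image), set()).add(label)
    return hits

def severity(labels):
    """One process touching several stores looks like a bulk dump."""
    return "high" if len(labels) >= 2 else "medium"

# Constructed sample events (field names follow Security event 4663).
LSASS = r"C:\Windows\System32\lsass.exe"
AGENT = r"C:\Users\Public\agent.exe"  # hypothetical image name
SAMPLE_EVENTS = [
    {"EventID": 4663, "ProcessId": "0x2a4", "ProcessName": LSASS,
     "ObjectName": r"\REGISTRY\MACHINE\SAM\SAM\Domains\Account\Users\000001F4"},
    {"EventID": 4663, "ProcessId": "0x1a2c", "ProcessName": AGENT,
     "ObjectName": r"\REGISTRY\MACHINE\SAM\SAM\Domains\Account\Users\000001F4"},
    {"EventID": 4663, "ProcessId": "0x1a2c", "ProcessName": AGENT,
     "ObjectName": r"\REGISTRY\MACHINE\SECURITY\Policy\Secrets\$MACHINE.ACC\CurrVal"},
    {"EventID": 4663, "ProcessId": "0x1a2c", "ProcessName": AGENT,
     "ObjectName": r"\REGISTRY\MACHINE\SECURITY\Cache"},
]
if __name__ == "__main__":
    print({k: severity(v) for k, v in find_unexpected_readers(SAMPLE_EVENTS).items()})
```

Object-access auditing is enforced in the kernel, so it does not depend on user-mode API hooks.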




