Monday, July 22, 2024
HomeToolsNosferatu:-- Lsass NTLM Authentication Backdoor.

Nosferatu:– Lsass NTLM Authentication Backdoor.

How Does It Work?

  • The DLL is first injected into the lsass.exe process, where it will begin intercepting authentication WinAPI calls.
  • MsvpPasswordValidate(), found in NtlmShared.dll, is the targeted function.
  • In order to avoid being noticed, the hooked function will call the original function and let the authentication process to proceed normally.
  • The hook will only swap out the true NTLM hash with the backdoor hash for comparison after it has determined that authentication has failed.


Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purposes.


Download Link:



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us