Generative AI in Social Engineering & Phishing in 2025
ID: 0340fc49-ba84-5dfb-9b8f-9f66d366d1e4
STIX ID: report--0340fc49-ba84-5dfb-9b8f-9f66d366d1e4
Feed Name: Darknet
DumpBrowserSecrets is a Windows post-exploitation tool that harvests browser-stored credentials and session tokens from the major browsers (Chrome, Edge, Brave, Opera variants, Vivaldi and Firefox). For Chromium-based browsers it bypasses App-Bound Encryption by injecting a DLL into a headless Chromium process (Early Bird APC) and calling the IElevator COM interface from inside that process, i.e. from the browser context that App-Bound Encryption trusts; for the remaining cases it handles DPAPI decryption (browsers or profiles not protected by App-Bound Encryption) and NSS decryption (Firefox). It ships evasion features (string obfuscation, API hashing, PPID and argument spoofing, file-handle duplication) and emits structured JSON for use in red-team engagements or credential-theft scenarios.
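As an added example (not part of this listing and not the tool's own code), the following Python sketches a detection for the behaviour the summary describes: a headless Chromium browser started by a non-browser parent, and a non-browser process opening that headless browser with rights sufficient to write memory or create threads. The event lines are constructed for this example to mimic Sysmon Event 1 (ProcessCreate) and Event 10 (ProcessAccess) fields and are not real telemetry; the pipe-delimited format, the trusted-parent set and the ordering assumption (a process's creation event arrives before accesses to it) are assumptions made here.

```python
"""Detection heuristic (added example) for the pattern described in the
listing: DLL injection into a headless Chromium process to reach the
IElevator COM interface for App-Bound Encryption decryption.

Event lines are constructed to resemble Sysmon Event 1 (ProcessCreate) and
Event 10 (ProcessAccess); field names follow Sysmon, the `|` layout is an
assumption of this example.
"""

from dataclasses import dataclass

# Chromium-based browser binaries named in the listing. Firefox is excluded
# because the App-Bound Encryption bypass does not apply to it.
CHROMIUM_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}

# Parents from which a user-launched browser is expected (assumption).
TRUSTED_PARENTS = {"explorer.exe"}

# Process access rights that allow writing into or creating threads in the
# target, i.e. what an injector needs. PROCESS_ALL_ACCESS (0x1FFFFF) includes them.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE


@dataclass
class Alert:
    pid: int      # PID of the headless browser process involved
    reason: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> dict:
    """Parse 'EventID|Key=Value|Key=Value...' into a dict (constructed format)."""
    event_id, _, rest = line.partition("|")
    fields = dict(kv.split("=", 1) for kv in rest.split("|"))
    fields["EventID"] = int(event_id)
    return fields


def detect(lines) -> list:
    """Return alerts for headless Chromium processes that look targeted for injection."""
    headless = {}   # pid -> parent basename, for headless Chromium processes seen so far
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev["EventID"] == 1:
            image = _basename(ev["Image"])
            if image in CHROMIUM_IMAGES and "--headless" in ev.get("CommandLine", ""):
                pid = int(ev["ProcessId"])
                parent = _basename(ev["ParentImage"])
                headless[pid] = parent
                # Rule 1: headless browser spawned by something that is not a
                # browser and not a trusted launcher.
                if parent not in CHROMIUM_IMAGES and parent not in TRUSTED_PARENTS:
                    alerts.append(Alert(pid, f"headless {image} started by non-browser parent {parent}"))
        elif ev["EventID"] == 10:
            target_pid = int(ev["TargetProcessId"])
            source = _basename(ev["SourceImage"])
            granted = int(ev["GrantedAccess"], 16)
            # Rule 2: a non-browser process opened a known headless browser
            # with injection-grade rights. This does not depend on the
            # (spoofable) parent field of the creation event.
            if target_pid in headless and source not in CHROMIUM_IMAGES and granted & INJECTION_RIGHTS:
                alerts.append(Alert(target_pid,
                                    f"{source} opened headless browser pid {target_pid} "
                                    f"with injection-grade rights 0x{granted:X}"))
    return alerts


# Constructed sample telemetry (not real logs). The first line models PPID
# spoofing: the headless browser appears to have explorer.exe as its parent.
SAMPLE_EVENTS = [
    r"1|ProcessId=4120|Image=C:\Program Files\Google\Chrome\Application\chrome.exe|CommandLine=chrome.exe --headless --disable-gpu|ParentImage=C:\Windows\explorer.exe",
    r"10|SourceProcessId=3988|SourceImage=C:\Users\alice\Downloads\update.exe|TargetProcessId=4120|TargetImage=C:\Program Files\Google\Chrome\Application\chrome.exe|GrantedAccess=0x1FFFFF",
    r"1|ProcessId=5200|Image=C:\Program Files\Google\Chrome\Application\chrome.exe|CommandLine=chrome.exe --type=renderer|ParentImage=C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"10|SourceProcessId=1200|SourceImage=C:\Windows\System32\csrss.exe|TargetProcessId=5200|TargetImage=C:\Program Files\Google\Chrome\Application\chrome.exe|GrantedAccess=0x1400",
    r"1|ProcessId=6100|Image=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|CommandLine=msedge.exe --headless=new|ParentImage=C:\Temp\stage.exe",
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"pid {alert.pid}: {alert.reason}")
```

The first sample process is the one to note: because the listing says the tool spoofs the parent PID, the ParentImage field of the creation event may show a benign parent and Rule 1 stays silent; only the ProcessAccess rule fires on it. String obfuscation and API hashing likewise degrade static signatures, so the behavioural pair (headless Chromium plus injection-grade access from a non-browser process) is the more durable signal.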
