gitlab-runner-research – PoC for abusing self-hosted GitLab runners
ID: 63ec3294-2d5f-5f96-82a4-807a21d256fc
STIX ID: report--63ec3294-2d5f-5f96-82a4-807a21d256fc
Feed Name: Darknet
DumpBrowserSecrets is a Windows post-exploitation credential-harvesting tool that targets Chromium- and Gecko-based browsers to extract saved passwords, session cookies, OAuth refresh tokens, credit card data, autofill entries, and browsing history. It bypasses Chrome's App-Bound Encryption by spawning a headless Chromium process and injecting a DLL to call the IElevator COM interface, handles DPAPI and NSS encryption for other browsers, includes multiple EDR-evasion features, and outputs structured JSON for red-team usage — making it a high-risk capability if used by malicious actors.
