Reaper – Unified Application Security Testing with AI Support
ID: 6ffcece8-69ed-53f0-9072-84689882ad6a
STIX ID: report--6ffcece8-69ed-53f0-9072-84689882ad6a
Feed Name: Darknet
DumpBrowserSecrets is a Windows post-exploitation tool that harvests browser-stored secrets (saved credentials, session cookies, OAuth refresh tokens, credit cards, autofill data, history, and bookmarks) across Chromium-based browsers and Firefox. The report details its operation — spawning a headless Chromium process, injecting a DLL via Early Bird APC to leverage the IElevator COM interface and decrypt App-Bound Encryption keys, handling DPAPI and NSS models for other browsers, and implementing evasion techniques — and discusses attack scenarios, detection opportunities, and mitigations.
