Veles – Google’s Open Source Secret Scanner for GCP Key Detection
ID: 98512060-c390-5e90-894c-c60b3e3573ea
STIX ID: report--98512060-c390-5e90-894c-c60b3e3573ea
Feed Name: Darknet
DumpBrowserSecrets is a Windows post-exploitation tool that harvests browser-stored credentials (cookies, saved logins, OAuth refresh tokens, credit cards, autofill, history, bookmarks) from major Chromium-based browsers and Firefox. It implements an App-Bound Encryption bypass for Chrome/Edge/Brave by spawning a headless Chromium process and injecting a DLL via Early Bird APC to invoke the IElevator COM interface and decrypt encryption keys; for other browsers it uses DPAPI/NSS handling. It outputs structured JSON and includes multiple evasion techniques to hinder EDR detection, making it relevant for red teams and malicious actors seeking rapid cloud or SaaS account takeover.
