NetExec – Network Execution Toolkit for Windows and Active Directory
ID: cf7b2ed8-827a-53bb-b07d-cb2cc0df3c86
STIX ID: report--cf7b2ed8-827a-53bb-b07d-cb2cc0df3c86
Feed Name: Darknet
DumpBrowserSecrets is a post-exploitation credential extraction tool that targets Chromium- and Gecko-based browsers on Windows to recover saved logins, session cookies, OAuth refresh tokens, credit cards, autofill data and history. It bypasses Chrome's App-Bound Encryption by spawning a headless Chromium process and injecting a DLL via Early Bird APC to call the IElevator COM interface, handles DPAPI for other Chromium forks, and uses NSS decryption for Firefox. The tool includes evasion techniques (string obfuscation, API hashing, PPID/argument spoofing, handle duplication) and writes structured JSON output. This makes it useful for red teams and potentially abusable by attackers to enable lateral movement and cloud account takeover.
