DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
ID: e4aa47e2-b063-576e-8ec9-e4ae275a284c
STIX ID: report--e4aa47e2-b063-576e-8ec9-e4ae275a284c
Feed Name: Darknet
DumpBrowserSecrets is a publicly documented post-exploitation tool that harvests browser-stored credentials and session tokens from Chromium-based and Firefox browsers on Windows. It uses techniques such as headless Chromium spawning, Early Bird APC DLL injection, and an IElevator COM bypass to defeat App-Bound Encryption, and it extracts cookies, saved logins, OAuth refresh tokens, credit cards, and browsing history into JSON. The tool includes evasion features intended to reduce EDR detection. It is positioned for red-team and assumed-breach testing, but it represents a credible high-risk capability if used by malicious actors.