BlockEDRTraffic – EDR Evasive Lateral Movement Tool
ID: fdb05624-e978-5d2f-8057-b9d37dac04a5
STIX ID: report--fdb05624-e978-5d2f-8057-b9d37dac04a5
Feed Name: Darknet
DumpBrowserSecrets is a Windows post-exploitation tool that harvests browser-stored secrets (saved credentials, session cookies, OAuth refresh tokens, credit cards, autofill data, history and bookmarks) from Chromium-based browsers and Firefox. It bypasses Chrome's App-Bound Encryption (ABE) by spawning a headless Chromium process and injecting a DLL into it via Early Bird APC injection; because the code then runs inside a Chrome process, it can call the IElevator COM interface, which only releases the key to Chrome itself, and decrypt the app_bound_encrypted_key. For Chromium browsers that do not use ABE it decrypts the user-DPAPI-protected key directly, and for Firefox it decrypts the NSS key store. Output is structured JSON, and the tool includes several evasion features aimed at defeating EDR and static analysis. This makes it highly relevant to red teams, and to attackers seeking rapid cloud account takeover from compromised developer endpoints, since stolen session cookies and refresh tokens let them reuse an already-authenticated session without the password.
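The practical question for a responder or a red teamer is whether a given Chrome profile is actually protected by ABE, because a dumper that only has the user's DPAPI context cannot read app-bound values and the IElevator path described above becomes necessary. The following triage script is an added example, not code from the post or from DumpBrowserSecrets, and does no decryption at all: it relies on Chrome's on-disk conventions that the os_crypt keys in "Local State" decode to blobs prefixed with "DPAPI" (encrypted_key) and "APPB" (app_bound_encrypted_key), and that encrypted_value cells in the Cookies and Login Data databases start with "v10" (DPAPI-derived key) or "v20" (app-bound key). The Local State documents and cookie blobs below are constructed inline so the script runs offline.

```python
"""Classify which key protects a Chrome profile's secrets (added example).

Chrome "Local State" -> os_crypt section holds two base64 key blobs:
  encrypted_key            decodes to b"DPAPI" + user-DPAPI blob
  app_bound_encrypted_key  decodes to b"APPB"  + app-bound blob (ABE)
encrypted_value cells in Cookies / Login Data start with a version tag:
  b"v10" -> AES-GCM under the DPAPI-derived key (user DPAPI is enough)
  b"v20" -> AES-GCM under the app-bound key (needs the IElevator path)
"""
import base64
import json
from collections import Counter

DPAPI_KEY_PREFIX = b"DPAPI"
APPB_KEY_PREFIX = b"APPB"
V10_TAG = b"v10"
V20_TAG = b"v20"


def parse_os_crypt_keys(local_state_json: str) -> dict:
    """Return the still-encrypted key blobs by field name (None if absent).

    Raises ValueError if a key does not carry the prefix Chrome writes, which
    usually means the file is not a Chrome Local State or has been tampered with.
    """
    os_crypt = json.loads(local_state_json).get("os_crypt", {})
    out = {}
    for field, prefix in (("encrypted_key", DPAPI_KEY_PREFIX),
                          ("app_bound_encrypted_key", APPB_KEY_PREFIX)):
        b64 = os_crypt.get(field)
        if b64 is None:
            out[field] = None
            continue
        raw = base64.b64decode(b64)
        if not raw.startswith(prefix):
            raise ValueError(f"{field}: expected {prefix!r}, got {raw[:5]!r}")
        out[field] = raw[len(prefix):]   # DPAPI blob, left encrypted on purpose
    return out


def classify_value(encrypted_value: bytes) -> str:
    """Say which key an encrypted_value cell needs, without decrypting it."""
    if encrypted_value.startswith(V20_TAG):
        return "app-bound"
    if encrypted_value.startswith(V10_TAG):
        return "dpapi"
    if not encrypted_value:
        return "cleartext"   # Chrome stores such rows in the plain value column
    return "unknown"


def triage(local_state_json: str, encrypted_values) -> dict:
    """Summarise what a DPAPI-only dumper can and cannot reach in this profile."""
    keys = parse_os_crypt_keys(local_state_json)
    counts = Counter(classify_value(v) for v in encrypted_values)
    abe_key = keys["app_bound_encrypted_key"] is not None
    return {
        "dpapi_key_present": keys["encrypted_key"] is not None,
        "app_bound_key_present": abe_key,
        "values_by_protection": dict(counts),
        # v20 values are only recoverable with the app-bound key, which Chrome's
        # elevation service hands out solely to a genuine Chrome process.
        "ielevator_required": abe_key and counts["app-bound"] > 0,
    }


# ---- constructed sample data (not taken from any real host) ----------------
def _fake_key(prefix: bytes, filler: bytes) -> str:
    # 0x01000000 is the version word at the start of a real DPAPI blob
    return base64.b64encode(prefix + b"\x01\x00\x00\x00" + filler * 16).decode()


SAMPLE_LOCAL_STATE = json.dumps({"os_crypt": {
    "encrypted_key": _fake_key(DPAPI_KEY_PREFIX, b"\xaa"),
    "app_bound_encrypted_key": _fake_key(APPB_KEY_PREFIX, b"\xbb"),
}})
SAMPLE_LOCAL_STATE_NO_ABE = json.dumps({"os_crypt": {
    "encrypted_key": _fake_key(DPAPI_KEY_PREFIX, b"\xaa"),
}})
SAMPLE_LOCAL_STATE_BAD = json.dumps({"os_crypt": {
    "encrypted_key": base64.b64encode(b"NOTCHROME").decode(),
}})
SAMPLE_VALUES = [
    V20_TAG + b"\x00" * 12 + b"\x11" * 20,   # nonce + ciphertext/tag, app-bound
    V20_TAG + b"\x00" * 12 + b"\x22" * 20,
    V10_TAG + b"\x00" * 12 + b"\x33" * 20,   # DPAPI-derived key
    b"",                                      # legacy row, value kept in clear
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOCAL_STATE, SAMPLE_VALUES), indent=2))
```

On a live host the inputs are the profile's "Local State" file and the encrypted_value column of the Cookies and Login Data SQLite databases; the script deliberately stops at classification, which is enough to tell whether a finding of "v20" rows plus an APPB key means the ABE bypass was required.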
