MCPcopy Create free account
hub / github.com/Meowmycks/LetMeowIn

github.com/Meowmycks/LetMeowIn @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
44 symbols 78 edges 6 files 0 documented · 0% updated 2y ago★ 4403 open issues

Browse by type

Functions 28 Types & classes 16
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

LetMeowIn

A sophisticated, covert LSASS dumper using C++ and MASM x64.

As seen on Binary Defense and Cyber Security News

Disclaimer

Don't be evil with this. I created this tool to learn. I'm not responsible if the Feds knock on your door.


Historically was able to (and may presently still) bypass - Windows Defender - Malwarebytes Anti-Malware - CrowdStrike Falcon EDR (Falcon Complete + OverWatch) - Palo Alto Cortex xDR (When combined with strong initial access methods)

image

Features

Avoids detection by using various means, such as: - Manually implementing NTAPI operations through indirect system calls - ~~Disabling~~ Breaking telemetry features (i.e ETW) - Polymorphism through compile-time hash generation - Obfuscating API function names and pointers - Duplicating existing LSASS handles instead of opening new ones - Creating offline copies of the LSASS process to perform memory dumps on - Corrupting the MDMP signature of dropped files - Probably other stuff I forgot to mention here

Negatives

  • Only works on x64 architecture
  • Relies on there being existing opened LSASS handles on target systems
  • Don't expect this to be undetectable forever 🙂

Core symbols most depended-on inside this repo

Shape

Function 28
Class 12
Enum 4

Languages

C++100%

Modules by API surface

src/main.cpp28 symbols
src/headers/structs.h12 symbols
src/headers/enums.h4 symbols

For agents

$ claude mcp add LetMeowIn \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page