Add README.md

README.md

@@ -0,0 +1,33 @@
+# LetMeowIn
+A sophisticated, covert LSASS dumper using C++ and MASM x64.
+
+As seen on [Binary Defense](https://www.binarydefense.com/resources/blog/letmeowin-analysis-of-a-credential-dumper/) and [Cyber Security News](https://cybersecuritynews.com/researchers-detailed-letmeowin-credentials/)
+
+## Disclaimer
+Don't be evil with this. I created this tool to learn. I'm not responsible if the Feds knock on your door.
+
+----------------------------------------------------------------------------------------------------------
+
+Historically was able to (and may presently still) bypass
+  - Windows Defender
+  - Malwarebytes Anti-Malware
+  - CrowdStrike Falcon EDR (Falcon Complete + OverWatch)
+  - Palo Alto Cortex xDR *(When combined with strong initial access methods)*
+
+![image](https://github.com/Meowmycks/LetMeowIn/assets/45502375/fb99f6e3-abb4-4beb-9130-dfbc550e1abe)
+
+## Features
+Avoids detection by using various means, such as:
+  - Manually implementing NTAPI operations through indirect system calls
+  - ~~Disabling~~ Breaking telemetry features (i.e ETW)
+  - Polymorphism through compile-time hash generation
+  - Obfuscating API function names and pointers
+  - Duplicating existing LSASS handles instead of opening new ones
+  - Creating offline copies of the LSASS process to perform memory dumps on
+  - Corrupting the `MDMP` signature of dropped files
+  - Probably other stuff I forgot to mention here
+
+## Negatives
+  - Only works on x64 architecture
+  - Relies on there being [existing opened LSASS handles](https://itm4n.github.io/lsass-runasppl/#technique-3--python--katz) on target systems 
+  - Don't expect this to be undetectable forever 🙂