SilentNimvest — a tool for extracting Windows secrets while evading EDR

The tool is a Nim‑based utility that dumps local user hashes, cached domain authentication data, and LSA secrets from the SAM and SECURITY registry hives. It implements the SilentHarvest technique, which leverages SeBackupPrivilege rather than requiring NT AUTHORITY\SYSTEM access. By operating through the RegQueryMultipleValuesW API, the tool reduces the likelihood of EDR detection.

📎 Tool: https://github.com/frkngksl/SilentNimvest

💬 Discuss