Presenting DeadMatter: A New Approach to Credential Extraction at Black Hat USA 2025
qsecure is pleased to announce that one of our esteemed team members, Vasilis Sikkis, will be presenting our latest tool, DeadMatter: Offset-Independent Credential Extraction Tool, at Black Hat USA 2025. The presentation is scheduled for August 6, from 12:00 PM to 12:55 PM, in the Business Hall at Arsenal Station 3.
Black Hat USA has long been recognized as one of the premier global gatherings in cybersecurity, drawing a diverse community of expert practitioners, researchers, policymakers, and technology leaders. Established in 1997, the event is uniquely positioned as a bridge between leading academic research and real-world industry application, distinguishing itself through rigorous technical standards, transparency, and meaningful discourse.
Unlike conventional trade events, Black Hat remains committed to an ethos of substance over spectacle. It has built its distinguished reputation by maintaining a strict standard for technical content, encouraging meaningful exchanges rather than promotional activities. Participants attend Black Hat to test ideas, demonstrate new research, and engage directly with peers in an environment characterized by intellectual honesty and critical inquiry.
qsecure proudly supports Vasilis Sikkis’s participation as a speaker at Black Hat USA 2025, in alignment with our ongoing commitment to contributing meaningfully to the global cybersecurity community. His involvement reflects our core belief in sharing knowledge with the community, direct engagement, open critique, and collaborative improvement, principles that closely align with Black Hat’s mission.
DeadMatter is a specialized credential extraction tool developed in C#. It is designed to recover sensitive information, such as password hashes of active logon sessions, directly from memory dumps. Utilizing offset-independent carving techniques, DeadMatter can extract credentials from a variety of file types, including raw or minidump-format memory dumps, decompressed hibernation files, and virtual machine memory files.
This tool is particularly valuable to penetration testers, red team operators, and forensic analysts, offering a practical solution in environments where endpoint detection and response (EDR) systems or antivirus software may prevent or flag traditional LSASS memory dumping techniques. In many cases, dumping and exfiltrating full memory is not a viable option due to size, detection, or exfiltration constraints. DeadMatter addresses this gap by enabling credential extraction directly on the target system, allowing for the recovery of NTLM hashes and other artifacts without triggering common defenses.
Information about the DeadMatter presentation can be found directly on the Black Hat Arsenal page at:
This marks the second time Vasilis Sikkis has been selected to present at Black Hat, further demonstrating his continued contributions to the cybersecurity community. His previous work, Overlord, was featured at Black Hat USA 2020 and can be explored here:
https://www.qsecure.global/overlord-blackhat-2020
https://www.qsecure.global/overlord
https://www.blackhat.com/us-20/arsenal/schedule/index.html#overlord-red-teaming-automation-19846
We look forward to sharing more technical insights and real-world applications of DeadMatter at Black Hat USA 2025. We invite attendees to join us for the session and engage in discussion around this latest contribution to the offensive security toolkit.
For full details about Black Hat USA 2025—including registration, agenda highlights, and speaker sessions—please visit www.blackhat.com.