Saved February 14, 2026
GhostKatz extracts LSASS credentials from physical memory using vulnerable signed drivers. Developed by Julian Peña and Eric Esquivel, it allows users to exploit known driver vulnerabilities for credential dumping. The tool is modular, enabling research on additional drivers.
GhostKatz is a tool designed to extract LSASS credentials from physical memory by exploiting signed vulnerable drivers. Developed by Julian Peña and Eric Esquivel, it utilizes the MmMapIoSpace function to bypass typical user-mode detection methods. The tool leverages drivers that have already been disclosed as vulnerable, focusing on kernel drivers that allow read-memory operations and aren’t blocked from loading. Notably, this release does not provide exploits for undisclosed drivers, but it is modular and lets users research and integrate their own drivers by enhancing the read-memory functions in the provided source file, utils.c.
To run GhostKatz, users compile the BOFs with the `make` command and load the `ghostkatz.cna` Aggressor Script into their Script Manager. The command syntax is `ghostkatz [logonpasswords/wdigest] -prv <provider id>`; the included examples, such as `ghostkatz logonpasswords -prv 1`, illustrate it. The tool has been tested on multiple Windows Server versions and Windows 10 builds, and the authors note that a major version that works tends to remain stable across its minor updates.
The authors warn against deploying GhostKatz in production environments, because its reliance on vulnerable drivers can crash the system (BSOD). The article lists the specific drivers that can be used with GhostKatz, including ones from Toshiba and TechPowerUp, together with their SHA256 hashes for verification. The authors close by thanking the individuals who helped them understand kernel interactions and memory management, highlighting the collaborative nature of the project.