A Python proof-of-concept script allows users to dump sensitive files such as SAM, SYSTEM, and NTDS.dit from a physical disk without triggering security alerts by bypassing standard Windows file APIs. It operates by directly reading NTFS filesystem structures, obfuscating the output with XOR encryption to avoid detection by EDR/AV systems. This tool is intended for educational purposes only and should be used in a controlled test environment.