Credential Access & Dumping
Here are the articles in this section:

Dumping Credentials from Lsass Process Memory with Mimikatz
    Local Security Authority (LSA) credential dumping with in-memory Mimikatz using powershell.
Dumping Lsass Without Mimikatz
Dumping Lsass without Mimikatz with MiniDumpWriteDump
    Evasion, Credential Dumping
Dumping Hashes from SAM via Registry
    Security Accounts Manager (SAM) credential dumping with living off the land binary.
Dumping SAM via esentutl.exe
Dumping LSA Secrets
Dumping and Cracking mscash - Cached Domain Credentials
Dumping Domain Controller Hashes Locally and Remotely
    Dumping NTDS.dit with Active Directory users hashes
Dumping Domain Controller Hashes via wmic and Vssadmin Shadow Copy
Network vs Interactive Logons
    This lab explores/compares when credentials are susceptible to credential dumping.
Reading DPAPI Encrypted Secrets with Mimikatz and C++
Credentials in Registry
    Internal recon, hunting for passwords in Windows registry
Password Filter
    Credential Access
Forcing WDigest to Store Credentials in Plaintext
Dumping Delegated Default Kerberos and NTLM Credentials w/o Touching Lsass
Intercepting Logon Credentials via Custom Security Support Provider and Authentication Packages
    Credential Access, Persistence
Pulling Web Application Passwords by Hooking HTML Input Fields
    Credential Access, Keylogger
Intercepting Logon Credentials by Hooking msv1_0!SpAcceptCredentials
    Hooking, Credential Stealing
Credentials Collection via CredUIPromptForCredentials