Introduction

What?

Techniques for obtaining credentials, such as login information, account names, and passwords, by extracting them from various locations on a system: clear-text files, the registry, memory (via dumping), etc.

Why?

As a red teamer, gaining access to legitimate credentials has benefits:

  • It can give access to systems (Lateral Movement).

  • It makes it harder to detect our actions.

  • It provides the opportunity to create and manage accounts to help achieve the end goals of a red team engagement.

How?