Credential Dumping: Local Security Authority (LSA|LSASS.EXE) This post reviews common LSASS credential-dumping techniques—both remote and local—detailing tools and workflows attackers use to extract NT hashes, Kerberos tickets, cleartext passwords, and DPAPI keys from memory. It also covers parsing dumps with pypykatz, network-level detection for DRSUAPI/DCSync and anomalous SMB activity, and mitigations such as Credential Guard and LSASS Protected Process Light. #lsassy #nanodump #impacket #pypykatz #CredentialGuard

Credential dumping targets LSASS memory to extract NT hashes, Kerberos tickets, cleartext passwords, and DPAPI keys. Tools include lsassy, nanodump, pypykatz, with mitigations like Credential Guard and Protected Process Light. #LSASSdump #CredentialGuard

SpecterOps finds new credential-dumping techniques that can extract secrets from Windows 11/Server 2025 with Credential Guard enabled, targeting LSA/lsass.exe by abusing SSPI/SSP behaviors. #CredentialGuard #VBS #LSA https://bit.ly/3Jma1Hp

With Windows 11, Microsoft is raising the bar by enabling Credential Guard and HVCI by default. These built-in protections help block credential theft and strengthen endpoint security without extra setup.

blog.thomasmarcussen.com/windows-11-s...

#Windows11 #CyberSecurity #CredentialGuard #HVCI

Deep Dive On Wireless Authentication on Cloud Native PCs Cloud Native PCs need to modernize their strategy around authentication instead of legacy concepts like NTLM. We can use RADIUS and NPS to auth with certs

People moving to #Windows11 have been struggling with #CredentialGuard and #CloudNative breaking tech like #WiFi Join me on the journey where I setup #CiscoMeraki and build out #RADIUS and #EAPTLS to deliver seamless auth powered by #CloudPKI
#MVPBuzz
mobile-jon.com/2025/02/18/d...