Frederik Raabye
Another great write-up from Oliver Lyak. This time with new tooling for bypassing CredentialGuard in Windows to retrieve NTLM hashes. https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
Pass-the-Challenge: Defeating Windows Defender Credential Guard

In this blog post, we present new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender…

Medium
Dec 27, 2022 at 8:47amWeb