Credentials

// Some code
Aaron Herndon

Cached Credentials - Remediation

Windows 7,8,2008 & 2012:
Apply Microsoft patch KB2871997
Set registry key 'UseLogonCredential' to 0 in WDigest of HKEY_LOCAL_MACHINE
Note: NTLM hashes can still be extracted

Windows 8.1(+), prevent access to LSASS:
Place LSASS in protected mode via LSA Registry key

PreviousFile transfers NextMaintaing access

Last updated 2 years ago

Was this helpful?