APT
🔐 Credential Guard Bypass The well-known WDigest module, which is loaded by LSASS, has two interesting global variables: g_IsCredGuardEnabled and g_fParameter_UseLogonCredential. Their name is rather self explanatory, the first one holds the state of Credential…
🔐 Combination of 2 PoCs for bypassing Credential Guard with in-memory invocation
PoC 1 (patch wdigest.dll):
https://gist.github.com/N4kedTurtle/8238f64d18932c7184faa2d0af2f1240
PoC 2 (find variable offsets in runtime):
https://github.com/itm4n/Pentest-Windows/blob/main/CredGuardBypassOffsets/poc.cpp
Merged:
https://gist.github.com/snovvcrash/43e976779efdd20df1596c6492198c99
#lsass #wdigest #credguard
PoC 1 (patch wdigest.dll):
https://gist.github.com/N4kedTurtle/8238f64d18932c7184faa2d0af2f1240
PoC 2 (find variable offsets in runtime):
https://github.com/itm4n/Pentest-Windows/blob/main/CredGuardBypassOffsets/poc.cpp
Merged:
https://gist.github.com/snovvcrash/43e976779efdd20df1596c6492198c99
#lsass #wdigest #credguard
🔥4👍3