Winlogon Password Leaking
The flow is:
— user enters password
— winlogon loads mpnotify.exe
— mpnotify opens RPC channel
— winlogon sends pass via RPC
— mpnotify forwards to DLL
— DLL stores it on disk
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
#winlogon #password #leak #redteam
The flow is:
— user enters password
— winlogon loads mpnotify.exe
— mpnotify opens RPC channel
— winlogon sends pass via RPC
— mpnotify forwards to DLL
— DLL stores it on disk
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
#winlogon #password #leak #redteam