https://1dnu11.github.io/blog/Recent content in Blog on 🕵 1dnu11Hugo -- gohugo.ioen-USCopyright © 2024, 1dnu11.Sat, 23 Mar 2024 00:00:00 +0000https://1dnu11.github.io/windows-credential-dumping/Sat, 23 Mar 2024 00:00:00 +0000https://1dnu11.github.io/windows-credential-dumping/Windows Password Hashes Windows stores hashes user account passwords locally in the SAM (Security Accounts Manager) database. Authentication and verification of user credentials is facilitated by the LSA (Local Security Authority). SAM Database SAM is a database file that manages user accounts and passwords. All passwords stored in SAM are hashed. This database cannot be copied while the operating system is running. Windows NT keeps the SAM db file locked. Attackrs tipically use in-memory techniques to dump SAM hashes from the LSASS process.