Credential dumping from compromised Windows clients allows the attacker to perform lateral movement and gain control even after more sensitive hosts and eventually compromise the domain controller.
Mitigating various types of credential dumping on Windows is not easy. Not every permission that is abused by various post-exploitation tools can be safely removed and even the latest virtualization-based features in Windows 10 cannot protect all credentials.
In this paper we will look at most abused techniques, as well as their detection and mitigation.