By Sebastien Macke, @lanjelot
During penetration testing engagements, we often find ourselves on Windows systems, looking for account credentials. The purpose of this post is to walk through some techniques to gather credentials from Windows systems while being as non-intrusive as possible.
The core principles behind the techniques described in this post are:
- Safety – Avoid causing any downtime by using tools and techniques that are known to be safe and will not render a system unstable.
- Stealthiness – Avoid detection by using tools and techniques that will not trigger alerts. Refrain from uploading binaries, turning off the anti-virus, generating suspicious event logs, etc.