Credential dumping extracts stored credentials from memory or disk — e.g. Mimikatz (LSASS process memory), Impacket secretsdump (DCSync against a domain controller, or an offline copy of NTDS.dit), `reg save` of the SAM hive (local accounts).
All of these require admin/SYSTEM privileges. Defenses: Credential Guard (isolates LSA secrets using virtualization-based security), EDR behavioral detection of handle access to LSASS, LSASS Protection (RunAsPPL mode), and restricting access to NTDS.dit. Monitor Event ID 4661 (NTDS access) and alert on Mimikatz signatures.