WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching
A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard (if enabled). Additional guidance can be found in this blog post: https://outflank.nl/blog/?p=1592

Background

This PoC code is based on the following excellent blog posts:

Exploring Mimikatz – Part 1 – WDigest
Bypassing