The Windows Security Journey — WDigest (Windows Digest)
Tags
| attack-pattern: | Credentials - T1589.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | d60420d8-7d42-4d7d-8041-05a96cddf91d |
| Fingerprint | 499e9279cb634d0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 15, 2024, 7:20 p.m. |
| Added to db | Sept. 15, 2024, 9:44 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | The Windows Security Journey — WDigest (Windows Digest) |
| Title | The Windows Security Journey — WDigest (Windows Digest) |
| Detected Hints/Tags/Attributes | 7/1/20 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 36 | book.hacktricks.xyz |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 2 | www.triskelelabs.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 24 | thelearningjourneyebooks.com |
|
| Details | File | 1 | modification-of-wdigest-security-provider.html |
|
| Details | File | 1 | %windir%\system32\wdigest.dll |
|
| Details | File | 1 | %windir%\syswow64\wdigest.dll |
|
| Details | File | 478 | lsass.exe |
|
| Details | Url | 1 | https://www.elastic.co/guide/en/security/current/modification-of-wdigest-security-provider.html |
|
| Details | Url | 2 | https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections |
|
| Details | Url | 1 | https://learn.microsoft.com/pt-pt/previous-versions/windows/server/cc778868(v=ws.10 |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/answers/questions/463368/disabling-credentials-caching-in-wdigest |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 1 | https://www.triskelelabs.com/blog/wdigest-extracting-passwords-in-cleartext |
|
| Details | Url | 25 | https://twitter.com/boutnaru |
|
| Details | Url | 24 | https://thelearningjourneyebooks.com |
|
| Details | Windows Registry Key | 19 | HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest |