Mimikatz - Potential Threat
Summary
This document checks the registry for the value of the stored credentials flag.
Registry Path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest:UseLogonCredential
- If the flag is set, there is a potential threat associated with using it.
- If the flag is not set but exists, the system is vulnerable. For more information, see Mimikatz - Vulnerable.
Settings
| Detection String | Comparator | Result | Applicable OS |
|---|---|---|---|
{%-HKLM/SYSTEM/CurrentControlSet/Control/SecurityProviders/WDigest:UseLogonCredential-%} | Equals | 1 | Windows |