mimikatz # privilege::debug
mimikatz # sekurlsa::logonPasswords full
There is also a brief video demo:
Neither example should work on a system that has KB2871997 installed:
One of the credentials stored by LSASS is the user’s clear-text password. This update prevents every Microsoft SSP in LSASS, besides WDigest, from storing the user’s clear-text password. WDigest still stores the user’s clear-text password because it cannot function without the user’s password (Microsoft does not want to break existing customer setups by shipping an update to disable this).
However, because WDigest (the HTTP Digest authentication provider) is relied on by a number of products (e.g. IIS), Microsoft left the WDigest provider enabled, which is why mimikatz can still obtain the clear-text password on systems where its UseLogonCredential registry value has not been set to 0.
An attacker with local administrator rights can simply re-enable credential storing in LSASS (the change applies to logons that occur after it is made) with this command:
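As an added example that is not part of the original post, the following PowerShell audits the WDigest setting KB2871997 introduced and hardens it. It assumes an elevated session on a Windows host; the registry path and the UseLogonCredential value name are the ones Microsoft documents for the update, and the OS-version rule (Windows 8.1 / Server 2012 R2 and later treat an absent value as "off", older patched systems treat it as "on") is Microsoft's documented default behaviour.

```powershell
# Added example (not from the original post): audit and harden WDigest clear-text
# credential storage in LSASS. Run elevated on the host being checked.
$WDigestPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$ValueName   = 'UseLogonCredential'

function Get-WDigestState {
    # Read the value if present; $null means the key/value does not exist.
    $value = (Get-ItemProperty -Path $WDigestPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

    # Win32_OperatingSystem.Version is reliable regardless of PowerShell host manifest.
    $osVersion = [Version](Get-CimInstance -ClassName Win32_OperatingSystem).Version

    # 6.3 = Windows 8.1 / Server 2012 R2. From there on, an absent value means
    # "do not store clear-text"; on Win7/8/2008R2/2012 with KB2871997 an absent
    # value still means "store clear-text" and must be set to 0 explicitly.
    $absentMeansOff = $osVersion -ge [Version]'6.3'

    $storesClearText = if ($null -eq $value) { -not $absentMeansOff } else { $value -ne 0 }

    [pscustomobject]@{
        OSVersion         = $osVersion
        UseLogonCredential = $value
        StoresClearText    = $storesClearText
    }
}

function Disable-WDigestClearText {
    # Create the key if needed and force the value to 0 (REG_DWORD).
    if (-not (Test-Path -Path $WDigestPath)) {
        New-Item -Path $WDigestPath -Force | Out-Null
    }
    New-ItemProperty -Path $WDigestPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
}

$before = Get-WDigestState
Write-Output ("Before: UseLogonCredential={0}  storesClearText={1}" -f $before.UseLogonCredential, $before.StoresClearText)

if ($before.StoresClearText) {
    Disable-WDigestClearText
    $after = Get-WDigestState
    Write-Output ("After:  UseLogonCredential={0}  storesClearText={1}" -f $after.UseLogonCredential, $after.StoresClearText)
    Write-Output 'Existing logon sessions keep what LSASS already holds; the change protects subsequent logons.'
}
```

Because an attacker with admin rights can flip this value back, treat any write to the UseLogonCredential value as a high-priority alert: a Sysmon RegistryEvent (Event ID 13) rule on the WDigest key, or an object-access SACL with Event ID 4657, will catch the re-enable attempt the post describes.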