Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack

A new technique, called “Internal Monologue Attack”, allows and attack similar to Mimikatz without dumping memory area of LSASS process, avoiding antivirus and Windows Credential Guard.

Continue reading “Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack”