https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_credential_guard_registry_tampering/
Windows Credential Guard Registry Tampering Via CommandLine | Detection.FYI
Detects attempts to add, modify, or delete Windows Credential Guard related registry keys or values via command line tools such as Reg.exe or PowerShell. …
https://attack.mitre.org/techniques/T1555/004/
Credentials from Password Stores: Windows Credential Manager, Sub-technique T1555.004 - Enterprise...
https://www.windows-faq.de/2026/04/24/windows-credential-guard/
Understanding and securely enabling Windows Credential Guard - Windows FAQ
Apr 24, 2026 - Windows Credential Guard protects sensitive credentials in Windows. Here is how to check the status, meet the prerequisites, and enable the feature cleanly and...
https://www.theregister.com/2024/10/30/zeroday_windows_themes/
Windows Themes 0-day opens door to NTLM credential theft • The Register
Oct 30, 2024 - Plus a free micropatch until Redmond fixes the flaw