Credential dumping TL;DR: LSASS memory, SAM/SYSTEM hives, DPAPI vaults, browser stores, LSA secrets — what each gives you. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://attack.mitre.org/techniques/T1003/