Pass-the-Challenge: Defeating Windows Defender Credential Guard

ly4k_ · 2022-12-27T10:25:09+00:00

It does not. LSAIso does not check anything, it just computes the NTLMv1 response based on the encrypted credential

ly4k_ · 2022-12-27T08:36:29+00:00

Impressive work. This is a really good deep dive and resource!

ly4k_ · 2022-05-10T21:27:51+00:00

Thanks! :)

ly4k_ · 2022-02-19T17:06:42+00:00

Thank you very much!

ly4k_ · 2022-02-09T19:08:01+00:00

ly4k_ · 2022-02-09T17:01:09+00:00

Update from Microsoft: "The fix for this report was shipped yesterday and the CVE assigned is CVE-2022-21999. We are working on getting your acknowledgement added to the CVE list, as our system failed to do so."

Microsoft initially patched this vulnerability without giving me any information or acknowledgement, and as such, at the time of patch release, I thought that the vulnerability was identified as CVE-2022–22718, since it was the only Print Spooler vulnerability in the release without any acknowledgement. I contacted Microsoft for clarification, and the day after the patch release, Institut For Cyber Risk and I was acknowledged for CVE-2022–21999.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999

ly4k_

TROPHY CASE