Drop credential dumping evidence CSVs, logon event CSVs, admin share access, and service install events. Trace a specific credential from dump through use and propagation across systems, and reconstruct the attack chain. Runs locally.
evidence
4624 logons · 5140 share access · 7045 services · credential-harvesting-tool-detector csv