https://github.com/wh0nsq/BypassCredGuard

Run the POC we wrote on the system with Credential Guard protection enabled. When the user enters the username and password to log in again, we get his plaintext password again, as shown in the figure below.

https://github.com/Orange-Cyberdefense/KeePwn

A Python script to help red teamers discover KeePass instances and extract secrets.

https://github.com/mandiant/CcmPwn

ccmpwn.py - lateral movement script that leverages the CcmExec service to remotely hijack user sessions. Works for cred theft also.

https://github.com/Meckazin/ChromeKatz

CookieKatz is a project that allows operators to dump cookies from Chrome, Edge or Msedgewebview2 directly from the process memory. Chromium-based browsers load all their cookies from the on-disk cookie database on startup.

The benefits of this approach are:

  1. Support dumping cookies from Chrome's Incognito and Edge's In-Private processes
  2. Access cookies of other users' browsers when running elevated
  3. Dump cookies from webview processes
  4. No need to touch on-disk database file