Credential Dumping

One foothold, full domain: credential dumping extracts LSASS memory, SAM hashes, DPAPI blobs, and NTDS via DCSync — turning any admin shell into a complete credential harvest. Covers Mimikatz sekurlsa::logonpasswords, Impacket secretsdump, DCSync abuse, and the Event IDs plus Credential Guard that stop it.