- Gets picked up by any anti-virus
- Need to obfuscate it
- Could use it if you control the AV and could just turn it off
turn on debug privilege:
privilege::debugSekurLSA:
sekurlsa:: #to view optionsLogon Passwords:
sekurlsa::logonPasswords
Happens because of the mapped drive that is logged into using other (admin) credentials.