Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack

A new technique, called the “Internal Monologue Attack”, allows an attack similar to Mimikatz without dumping the memory of the LSASS process, avoiding antivirus and Windows Credential Guard. Mimikatz is a well-known tool that allows attackers to extract plain-text passwords from LSASS process memory for use in post-exploitation lateral movement. Some thought about NetNTLM In Windows…

Article Link: https://andreafortuna.org/dfir/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/