← LibraryTechnique entry
AD-DPAPI-CREDSCredential Access
DPAPI Credential Vault
Decrypt Credential Manager blobs using the masterkey — recover saved RDP, browser, Outlook creds.
§ Where this technique fits
AD-DPAPI-CREDS is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.