Alternative to LSASS dumping

In recent years, certain AV and EDR products have become significantly better at detecting and preventing classic credential theft via the memory dumping techniques targeting the LSASS process that Mimikatz is widely known for. In this blog post, our Security Advisor Magnus K. Stubman discusses an alternative attack that in many situations may get the same job done without ever touching LSASS, while also serving as a lateral movement and persistence technique.