indicatorregistry_key
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 1
Posts referencing this indicator
- Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
Registry key used to enable or disable WDigest authentication. Threat actors may modify this to 1 to force clear-text credentials to be stored in LSASS memory.