
I am using Windows 10 Version 10.0.19045 Build 19045 on a domain-controlled device. It is my personal device. I used the registry to look for keys but came up empty.

I need help on where the cached domain credentials are kept for the next OFFLINE login. I have used Mimikatz, LaZagne, secretsdump, NirSoft stuff, ntdissector, PsExec and ALL OTHER SORTS OF STUFF. I've dumped the SYSTEM, SAM and SECURITY registry. I've searched a lot of the registry. I've looked in the HKLM\SECURITY\cached locations. I've checked HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, HKEY_LOCAL_MACHINE\SAM, HKEY_LOCAL_MACHINE\Security\Cache, HKEY_LOCAL_MACHINE\Security\Policy\Secrets. I've tried dumping the adamntds.dit file, no output using secretsdump on Kali Linux. I've tried virtual machines and physical devices. NO BitLocker on anything. But STILL the accounts' profile pictures are stored, and all emails and account domains are in the registry. All NL$1 - NL$10 are empty with all zeros. I've looked in CurrentVersion keys, ProfileList keys and others. I've even used my own domain account, and nothing but my account will show up in Mimikatz with the hash and all other local accounts. Using LaZagne will output all accounts but no hash. secretsdump will only output local accounts. There is no ntds.dit file but only adamntds.dit, and still no domain hashes or outputs. YET STILL I CAN SIGN IN OFFLINE AND OTHERS CAN IF THEY PREVIOUSLY DID. If you all know ANYTHING, I AM SEVERELY DESPERATE. Thanks in advance!

Registry of empty cache, NL$

It's asking ME to clarify, like what does that even mean? I've never used this site before, I told you everything, I don't know what else to say!
