sekurlsa::bootkey sets the SecureKernel Boot Key and attempts to decrypt LSA Isolated credentials. It has the following command line arguments:
sekurlsa::bootkey
/new: the new Boot key value
/new
/raw: RAW memory search for candidate keys in cache
/raw
/flush: it flushes cache
/flush
mimikatz # sekurlsa::bootkey Candidate keys in cache: Current IumMkPerBoot: <none>
Last updated 4 years ago
