bootkey
sekurlsa::bootkey sets the SecureKernel Boot Key and attempts to decrypt LSA Isolated credentials. It has the following command line arguments:
  • /new: the new Boot key value
  • /raw: RAW memory search for candidate keys in cache
  • /flush: it flushes cache
1
mimikatz # sekurlsa::bootkey
2
โ€‹
3
Candidate keys in cache:
4
โ€‹
5
Current IumMkPerBoot: <none>
Copied!
Last modified 6mo ago
Copy link