Benjamin Delpy, the author of the well-known mimikatz toolkit, has released a very cool extension to WinDbg today.

In summary, the extension can extract Windows passwords from memory dumps, hibernation files and Virtual Machine .vmem files (paging, snapshots).

Especially the ability to extract passwords from .vmem files was very interesting. So I decided to test this out, so let’s see how it works!