Evan McBroom

Catching Credential Guard Off Guard - SpecterOps Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.

Credential Guard was supposed to end credential dumping. It didn't.

Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

Read for more: ghst.ly/4qtl2rm

YouTube video by Recon Conference Recon 2025 - The Finer Details of LSA Credential Recovery

@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.

Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...

GitHub - EvanMcBroom/presentations: My presentations from different computer security conferences My presentations from different computer security conferences - EvanMcBroom/presentations

Thank you to everyone who came to my REcon presentation yesterday and to the conference organizers for planning everything!

The slides for the presentation are hosted here if anyone would like them as a reference:
github.com/EvanMcBroom/...

Windows 11 24H2 · Issue #1 · EvanMcBroom/perfect-loader Hi, will this work in windows 24H2?

The perfect loader library was updated this week to support changes made on Windows 11 24H2. A big thank you to Jarrod Davis (@tinybiggames.com) for reporting the issue and helping work on a solution!

A full writeup on the issues and fixes can be found here:
github.com/EvanMcBroom/...