Today's another fun tale of pentest pwnage - specifically focused on cracking a hash type I'd never paid much attention to before:cached domain credentials. I also learned that you can at least partially protect against this type of hash being captured by checking outthis article, which has you set the following setting in GPO: UnderComputer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security OptionssetInteractive logon: Number of previous logons to cacheto0. Be careful, as you will have login problems if a domain controller is not immediately accessible! In regards to defending against secretsdump,this articleI found this article to be super interesting.