Cleaning out some old bookmarks I came across this pretty cool find: a forum tutorial on recovering and then cracking cached domain credentials on a Windows machine. Not only is this tutorial practical to follow and use, but it gives ammunition to anyone who challenges setting Windows cached credentials to 0. Sadly, this butts right up against laptop users who, when they log in at home, need the cached credential to use the system.
For possible future pen-test work that I’d love to do someday, this might be useful to test policy. If I can get my hands on a system or even get a local admin to come over and troubleshoot my system by logging in as himself, I can use that cached credential and crack it. This is exactly why I made sure to let users log in right after I had been logged into their machines to clear the 1 cached credential that I allowed my systems to retain.