SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends. Its funny to see that DES-cracking of NTLMv1 challenges is still relevant (and that https://ntlmv1.com/ has supplanted https://crack.sh).

Article: https://specterops.io/blog/2025/10/23/catching-credential-guard-off-guard/

DumpGuard: https://github.com/bytewreck/DumpGuard