Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Versions
- Microsoft Windows: XP or Later
Objective
To identify devices that could be exploited through the WDigest protocol
Resolution
- Log in to the Carbon Black Cloud console.
- Navigate to Live Query > New Query > Recommended tab.
- Locate the query titled "Credential Theft Hardening - WDigest".
- Select "Run" to run it immediately against all endpoints.