{
	"id": "978c8e71-ca8b-4e2b-9c90-99c0aa4a3ef9",
	"created_at": "2026-04-06T00:06:17.422305Z",
	"updated_at": "2026-04-10T03:20:00.973009Z",
	"deleted_at": null,
	"sha1_hash": "884703b43d74ec4e8692f4db9ea69fe9a7e34d1e",
	"title": "Amplia Security - Research - Windows Credentials Editor (WCE)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39868,
	"plain_text": "Amplia Security - Research - Windows Credentials Editor (WCE)\r\nBy ampliasecurity.com\r\nArchived: 2026-04-05 23:13:32 UTC\r\nWindows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete\r\nassociated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).\r\nThis tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory\r\n(from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in\r\nother Windows or Unix systems and dump cleartext passwords entered by users at logon.\r\nWCE is a security tool widely used by security professionals to assess the security of Windows networks via\r\nPenetration Testing. It supports Windows XP, 2003, Vista, 7, 2008 and Windows 8.\r\nCurrent version\r\nWCE v1.42beta (32-bit) (download)\r\nWCE v1.42beta (64-bit) (download)\r\nWCE v1.41beta (Universal Binary) (download)\r\nPrevious versions\r\nWCE v1.41beta (32-bit) (download)\r\nWCE v1.41beta (64-bit) (download)\r\nWCE v1.4beta (32-bit) (download)\r\nWCE v1.4beta (64-bit) (download)\r\nWCE v1.4beta (Universal Binary) (download)\r\nWCE v1.3beta (32-bit) (download)\r\nWCE v1.3beta (64-bit) (download)\r\nWCE v1.21 (64-bit) (download)\r\nWCE v1.2 (32-bit) (download)\r\nWCE v1.2 (64-bit) (download)\r\nWCE v1.1 (32-bit) (download)\r\nWCE v1.0 (32-bit) (download)\r\nFAQ\r\nFrequently Asked Questions (FAQ) available here.\r\nContact\r\nhttps://www.ampliasecurity.com/research/windows-credentials-editor/\r\nPage 1 of 2\n\nPlease send your questions, suggestions and bug reports to research@ampliasecurity.com\r\nResources\r\nWCE Internals\r\nPresentation explaining the inner workings of WCE v1.1 including how Windows XP,2003,7,Vista and 2008 store\r\ncredentials in memory, describing undocumented structures found via reverse engineering, encryption algorithms\r\nused to encrypt credentials and how to recover encryption keys and IVs to decrypt NTLM credentials.\r\nRootedCon 2011 (download)\r\nPost-Exploitation with WCE\r\nThis presentation describes the techniques WCE brings to penetration testers and how these can be used in\r\ndifferent scenarios. Although originally targeted to college students studying information security, you might find\r\nuseful information you didn't know about even if you are an experienced user of WCE or penetration tester.\r\nUBA 2011 - Spanish (download) - English (download)\r\nSource: https://www.ampliasecurity.com/research/windows-credentials-editor/\r\nhttps://www.ampliasecurity.com/research/windows-credentials-editor/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.ampliasecurity.com/research/windows-credentials-editor/"
	],
	"report_names": [
		"windows-credentials-editor"
	],
	"threat_actors": [],
	"ts_created_at": 1775433977,
	"ts_updated_at": 1775791200,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/884703b43d74ec4e8692f4db9ea69fe9a7e34d1e.pdf",
		"text": "https://archive.orkl.eu/884703b43d74ec4e8692f4db9ea69fe9a7e34d1e.txt",
		"img": "https://archive.orkl.eu/884703b43d74ec4e8692f4db9ea69fe9a7e34d1e.jpg"
	}
}