Ramblings of an old Doc


Seriously. This just in from Neowin (via Dell SecureWorks):

“Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. This malware was given the name "Skeleton Key."” – Dell

This installs as a memory patch of Active Directory and since it’s not logged and completely silent, it’s very difficult to detect. It also generates no network traffic.

The only good news?

“in its current form, the malware does not survive a system reboot. Also, the fact that it requires administrator rights to install limits the attack surface, making a disgruntled sysadmin one of the largest threat vectors. In addition, according to the researchers, the malware is rendered useless if an organization requires two-factor authentication to connect to servers, VPN, email and the like.” – neowin


Sources:

http://www.neowin.net/news/new-skeleton-key-malware-allows-bypassing-of-passwords

http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/


Comments
on Jan 15, 2015

I wish I had this for my Skyrim disk when I forgot my Steam account. I had the key, but Steam wouldn't let me use it. I lost my $90 game. Thanks for ripping me off, Bethesda. My computer crashed, and I had to reinstall. Thank you, cheating software developers.

on Jan 15, 2015

This installs as a memory patch of Active Directory and since it’s not logged and completely silent, it’s very difficult to detect. It also generates no network traffic.

Putting this in context...

- This requires administrator access to an AD controller. This is not something that can be done by compromising a workstation (though if you have admin access on the controller, a compromise of your workstation could be a stepping stone). Escalation vulnerabilities are generally considered critical and get patched fast, so most likely this is something a business IT insider who already has appropriate access would do, or someone who had stolen credentials from the same.

- Being an AD controller hack, this has no impact on home/individual users.

- This involves modifying the code in memory on core infrastructure of the domain. If an attacker is in a position to do that, you have already lost control of your domain and they can do pretty much anything already.

- It doesn't really have anything to do with passwords. If someone has access to rewrite the workings of the system responsible for authenticating users, it doesn't matter if you're using biometrics or anything. Two-factor only works in this case because the second factor isn't verified by the controller, but if the same user has admin privileges on the controller and on that second system (assuming it is a different system), that doesn't mean much.

- The comment regarding 'no network traffic' is that the malware does not generate traffic of its own which can serve as an indication of compromise. An attacker still needs network access to the controller to leverage it (though I expect once authenticated the authentication result will still be cached as usual so they could re-auth offline on the same machines they logged in on).