"Local Security Authority Subsystem Service"
Detecting and preventing LSASS credential dumping attacks
One technique attackers use is targeting credentials in the Windows Local Security Authority Subsystem Service (LSASS) process memory because it can store...
Attack surface reduction rules reference - Microsoft Defender ...
Block credential stealing from the Windows local security authority subsystem Note If you have LSA protection enabled, this attack surface reduction rule...
Download Local Security Authority (LSA) Protected Process ...
IT Administrators who enable additional LSA Protection to mitigate pass-the-hash (PtH) threats on x86-based or x64-based devices that use Secure Boot and...
Detecting credential theft through memory access modelling ...
In this post, we’ll discuss one of them: a statistical approach that models memory access to the Local Security Authority Subsystem Service (lsass.exe) process.
Effective Detection of Credential Thefts from Windows ...
In contrast, our work focuses directly on the memory read access behaviour to the process that enforces the system security policy. We use machine learning...
Worm:Win32/Sasser.A threat description - Microsoft Security ...
Win32/Sasser.A is a network worm that exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update...
Local Administrator Password Solution (LAPS) Deployment Guide ...
The LAPS tool is a free tool that lets you manage, in Active Directory (AD), the local administrator account passwords of computers joined to Active Directory (AD). Active Directory...
MSDTC fallback from Kerberos to NTLM - Microsoft Q&A
LSASS / security subsystem issues If LSASS is unresponsive or misconfigured, Kerberos/NTLM operations can fail, causing SSPI/AcceptSecurityContext failures...
Logon and Authentication Technologies: Logon and ...
The Local Security Authority (LSA) is a protected subsystem that authenticates and logs users on to the local computer. In addition, LSA maintains...
Volt Typhoon targets US critical infrastructure with living-off ...
Microsoft has observed Volt Typhoon attempting to dump credentials through the Local Security Authority Subsystem Service (LSASS). The LSASS process memory...
Defending Exchange servers under attack | Microsoft Security ...
In our investigation, the attackers first dumped user hashes by saving the Security Account Manager (SAM) database from the registry. Next, the attackers...
DEV-0832 (Vice Society) opportunistic ransomware ...
While Microsoft has not identified all the credential access techniques of DEV-0832, in many instances DEV-0832 accesses Local Security Authority Server...
Protecting customers from Octo Tempest attacks across ...
Block credential stealing from the Windows local security authority subsystem: Attack surface reduction (ASR) rules are the most effective method for...
New Windows 11 security features are designed for hybrid work
LSA is one of the critical processes that verify a user’s identity. With LSA protection, Windows will load only trusted, signed code, making it...
Analyzing Forest Blizzard’s custom post-compromise tool for ...
Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the...
Pushing the Limits of Windows: USER and GDI Objects – Part 1
This screenshot shows that, as expected, Windows system processes, including Lsass.exe (the Local Security Authority Subsystem) and service processes like...
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
If you don’t have a supported CU, Microsoft is producing an additional series of security updates (SUs) that can be applied to some older and unsupported...
Lumma Stealer: Breaking down the delivery techniques and ...
Our investigation into Lumma Stealer’s distribution infrastructure reveals a dynamic and resilient ecosystem that spans phishing, malvertising, abuse of...
What is Digest Authentication?: Logon and Authentication
Depending on whether the client application or server application are user-mode or kernel-mode applications, they will use either Secur32.dll or Ksecdd.sys...