Saved in:
Bibliographic Details
Main Authors: Revazova, Anna, Korkin, Igor
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2401.00316
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910285091045376
author Revazova, Anna
Korkin, Igor
author_facet Revazova, Anna
Korkin, Igor
contents The Windows authentication infrastructure relies on the Local Security Authority (LSA) system, with its integral component being lsass.exe. Regrettably, this framework is not impervious, presenting vulnerabilities that attract threat actors with malicious intent. By exploiting documented vulnerabilities sourced from the CVE database or leveraging sophisticated tools such as mimikatz, adversaries can successfully compromise user password-address information. In this comprehensive analysis, we delve into proactive measures aimed at fortifying the local authentication subsystem against potential threats. Moreover, we present empirical evidence derived from practical assessments of various defensive methodologies, including those articulated previously. This examination not only underscores the importance of proactive security measures but also assesses the practical efficacy of these strategies in real-world contexts.
format Preprint
id arxiv_https___arxiv_org_abs_2401_00316
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle RASP for LSASS: Preventing Mimikatz-Related Attacks
Revazova, Anna
Korkin, Igor
Cryptography and Security
Operating Systems
68N25 (Primary) 00-02 (Secondary)
The Windows authentication infrastructure relies on the Local Security Authority (LSA) system, with its integral component being lsass.exe. Regrettably, this framework is not impervious, presenting vulnerabilities that attract threat actors with malicious intent. By exploiting documented vulnerabilities sourced from the CVE database or leveraging sophisticated tools such as mimikatz, adversaries can successfully compromise user password-address information. In this comprehensive analysis, we delve into proactive measures aimed at fortifying the local authentication subsystem against potential threats. Moreover, we present empirical evidence derived from practical assessments of various defensive methodologies, including those articulated previously. This examination not only underscores the importance of proactive security measures but also assesses the practical efficacy of these strategies in real-world contexts.
title RASP for LSASS: Preventing Mimikatz-Related Attacks
topic Cryptography and Security
Operating Systems
68N25 (Primary) 00-02 (Secondary)
url https://arxiv.org/abs/2401.00316