LSA Whisperer - Evan McBroom [SO-CON 2024]
Вставка
- Опубліковано 5 вер 2024
- Accessing LSASS memory has been a common goal for attackers due to its management of user credential material. Microsoft has added multiple features to Windows to make gaining such access more difficult including Credential Guard, Remote Credential Guard, and Protected Processes Light (PPL). These features are helpful but irrelevant if an attacker is able to request credentials from the LSA directly. The presentation cover such an approach and how accessing LSASS memory is unneeded to recover a wealth of credential data and to perform other attacker tradecraft.
![Misconfiguration Manager: Overlooked and Overprivileged- Duane Michael & Chris Thompson[SO-CON 2024]](http://i.ytimg.com/vi/nvaOszFzXCQ/mqdefault.jpg)
![Misconfiguration Manager: Overlooked and Overprivileged- Duane Michael & Chris Thompson[SO-CON 2024]](/img/tr.png)
![Graphs are Hard - John Hopper & Rohan Vazarkar [SO-CON 2024]](http://i.ytimg.com/vi/OaKsQVP6GlE/mqdefault.jpg)
![Identity Providers for Red Teamers - Adam Chester [SO-CON 2024]](/img/n.gif)