Bypassing LSA Protection in Userland – Sec Team Blog
Tags
attack-pattern: Model Exploits - T1587.004 Exploits - T1588.005 Impersonation - T1656 Native Api - T1575 Process Hollowing - T1055.012 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Execution Through Api - T1106 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID bd91e6d6-f045-4197-99ab-4b499a8b54b5
Fingerprint ae214917bda653c9
Analysis status DONE
Considered CTI value 0
Text language
Published April 22, 2021, 12:30 p.m.
Added to db Jan. 18, 2023, 8:51 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Bypassing LSA Protection in Userland
Title Bypassing LSA Protection in Userland – Sec Team Blog
Detected Hints/Tags/Attributes 61/1/12
Source URLs
Redirection Url
Details Source https://blog.scrt.ch/2021/04/22/bypassing-lsa-protection-in-userland/
URL Provider
Details Provider Source level domain
Details scrt.ch blog.scrt.ch
Attributes
Details Type #Events CTI Value
Details File 478 
lsass.exe
Details File 5 
sgrmbroker.exe
Details File 748 
kernel32.dll
Details File 82 
kernelbase.dll
Details File 1260 
explorer.exe
Details File 2 
basesrv.dll
Details File 2 
foo.dll
Details File 89 
wininit.exe
Details File 306 
services.exe
Details File 119 
smss.exe
Details File 165 
csrss.exe
Details File 4 
dpapi.dll