|
gptkbp:instanceOf
|
Process
|
|
gptkbp:abbreviation
|
gptkb:Local_Security_Authority_Subsystem_Service
|
|
gptkbp:canBe
|
malware
attackers for credential theft
|
|
gptkbp:canBeRestarted
|
No (system will crash)
|
|
gptkbp:criticalFor
|
true
|
|
gptkbp:defaultPrivileges
|
SYSTEM
|
|
gptkbp:developedBy
|
gptkb:Microsoft
|
|
gptkbp:fileLocation
|
C:\\Windows\\System32\\lsass.exe
|
|
gptkbp:fullName
|
gptkb:Local_Security_Authority_Subsystem_Service
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
LSASS
|
|
gptkbp:introducedIn
|
gptkb:Windows_NT
|
|
gptkbp:logo
|
lsass.exe
|
|
gptkbp:monitors
|
gptkb:Windows_Task_Manager
gptkb:Event_Viewer
|
|
gptkbp:operatingSystem
|
gptkb:Microsoft_Windows
|
|
gptkbp:primaryUse
|
creates access tokens
enforces security policy on Windows systems
handles user logins
manages password changes
verifies users for local and remote logins
|
|
gptkbp:relatedTo
|
gptkb:Winlogon
gptkb:Active_Directory
gptkb:Netlogon
gptkb:SAM_(Security_Accounts_Manager)
gptkb:Windows_security_subsystem
Windows authentication
|
|
gptkbp:runsAsService
|
true
|
|
gptkbp:runsOn
|
lsass.exe
user mode
|
|
gptkbp:service
|
gptkb:LSASS
|
|
gptkbp:serviceDependencies
|
nan
|
|
gptkbp:serviceDisplayName
|
gptkb:Local_Security_Authority_Process
|
|
gptkbp:serviceStartType
|
Automatic
|
|
gptkbp:serviceType
|
gptkb:Win32_service
|
|
gptkbp:status
|
Running
|
|
gptkbp:supportsProtocol
|
gptkb:Kerberos
gptkb:NTLM
gptkb:Digest
gptkb:SSPI
gptkb:MSV1_0
gptkb:SChannel
Negotiate
|
|
gptkbp:terminationEffect
|
system shutdown
|
|
gptkbp:usedBy
|
gptkb:Group_Policy
gptkb:BitLocker
gptkb:Windows_Defender_Credential_Guard
gptkb:Windows_Hello
gptkb:Remote_Desktop_Services
Domain controllers
Windows logon process
Credential providers
Windows authentication packages
Windows security policies
|
|
gptkbp:vulnerableTo
|
gptkb:Mimikatz
credential dumping attacks
|
|
gptkbp:bfsParent
|
gptkb:NT_(New_Technology)
|
|
gptkbp:bfsLayer
|
6
|