Statements (21)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:computer_security_concept
|
| gptkbp:accessibleBy |
administrators
system processes |
| gptkbp:canBeDumpedBy |
gptkb:Mimikatz
ProcDump Task Manager (with sufficient privileges) Windows built-in tools |
| gptkbp:contains |
gptkb:Kerberos_tickets
gptkb:NTLM_hashes plaintext passwords (in some cases) |
| gptkbp:isSensitive |
true
|
| gptkbp:mayInclude |
user credentials
password hashes |
| gptkbp:monitors |
EDR solutions
|
| gptkbp:protectedBy |
LSA Protection (RunAsPPL)
|
| gptkbp:relatedTo |
gptkb:Local_Security_Authority_Subsystem_Service
gptkb:Windows_operating_system |
| gptkbp:target |
credential dumping attacks
|
| gptkbp:bfsParent |
gptkb:Credential_Guard
|
| gptkbp:bfsLayer |
7
|
| https://www.w3.org/2000/01/rdf-schema#label |
LSASS memory
|