LSASS memory

GPTKB entity

Statements (21)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | computer security concept |
| gptkbp:accessibleBy | administrators |
| | system processes |
| gptkbp:canBeDumpedBy | gptkb:Mimikatz |
| | ProcDump |
| | Task Manager (with sufficient privileges) |
| | Windows built-in tools |
| gptkbp:contains | gptkb:Kerberos_tickets |
| | gptkb:NTLM_hashes |
| | plaintext passwords (in some cases) |
| https://www.w3.org/2000/01/rdf-schema#label | LSASS memory |
| gptkbp:isSensitive | true |
| gptkbp:mayInclude | user credentials |
| | password hashes |
| gptkbp:monitors | EDR solutions |
| gptkbp:protectedBy | LSA Protection (RunAsPPL) |
| gptkbp:relatedTo | gptkb:Local_Security_Authority_Subsystem_Service |
| | gptkb:Windows_operating_system |
| gptkbp:target | credential dumping attacks |
| gptkbp:bfsParent | gptkb:Credential_Guard |
| gptkbp:bfsLayer | 6 |