Statements (21)
Predicate | Object |
---|---|
gptkbp:instanceOf |
computer security concept
|
gptkbp:accessibleBy |
administrators
system processes |
gptkbp:canBeDumpedBy |
gptkb:Mimikatz
ProcDump Task Manager (with sufficient privileges) Windows built-in tools |
gptkbp:contains |
gptkb:Kerberos_tickets
gptkb:NTLM_hashes plaintext passwords (in some cases) |
https://www.w3.org/2000/01/rdf-schema#label |
LSASS memory
|
gptkbp:isSensitive |
true
|
gptkbp:mayInclude |
user credentials
password hashes |
gptkbp:monitors |
EDR solutions
|
gptkbp:protectedBy |
LSA Protection (RunAsPPL)
|
gptkbp:relatedTo |
gptkb:Local_Security_Authority_Subsystem_Service
gptkb:Windows_operating_system |
gptkbp:target |
credential dumping attacks
|
gptkbp:bfsParent |
gptkb:Credential_Guard
|
gptkbp:bfsLayer |
6
|