|
gptkbp:instanceOf
|
Process
|
|
gptkbp:abbreviation
|
gptkb:LSASS
|
|
gptkbp:canBeDumpedBy
|
gptkb:Windows_Error_Reporting
gptkb:Mimikatz
gptkb:Task_Manager
ProcDump
|
|
gptkbp:canBeRestartedBy
|
system reboot
|
|
gptkbp:category
|
Windows API
Windows security
Windows authentication
|
|
gptkbp:crashesResultIn
|
system shutdown
forced logoff
|
|
gptkbp:criticalFor
|
system security
|
|
gptkbp:developedBy
|
gptkb:Microsoft
|
|
gptkbp:executableName
|
lsass.exe
|
|
gptkbp:fileLocation
|
C:\\Windows\\System32\\lsass.exe
|
|
gptkbp:fullName
|
gptkb:Local_Security_Authority_Subsystem_Service
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
LSASS process
|
|
gptkbp:introducedIn
|
gptkb:Windows_NT
|
|
gptkbp:monitors
|
gptkb:Sysinternals_tools
gptkb:Performance_Monitor
gptkb:Windows_Task_Manager
gptkb:Event_Viewer
|
|
gptkbp:numberOfLocations
|
user credentials
Active Directory data (on domain controllers)
|
|
gptkbp:operatingSystem
|
gptkb:Windows
|
|
gptkbp:protectedBy
|
gptkb:Credential_Guard
LSA Protection (RunAsPPL)
|
|
gptkbp:responsibleFor
|
password changes
creating access tokens
enforcing security policy on Windows systems
handling user logins
verifying users for local and remote logins
|
|
gptkbp:restartEffect
|
system reboot or forced logoff
|
|
gptkbp:runsOn
|
SYSTEM account
|
|
gptkbp:service
|
gptkb:LSASS
|
|
gptkbp:serviceDependencies
|
nan
|
|
gptkbp:serviceDisplayName
|
gptkb:Local_Security_Authority_Process
|
|
gptkbp:serviceStartupType
|
Automatic
|
|
gptkbp:serviceType
|
gptkb:Win32_service
|
|
gptkbp:status
|
Running
|
|
gptkbp:supportsProtocol
|
gptkb:CredSSP
gptkb:Kerberos
gptkb:NTLM
gptkb:Digest
gptkb:MSV1_0
gptkb:SChannel
SSP
Negotiate
CloudAP
LiveSSP
PKU2U
TSPKG
WDigest
|
|
gptkbp:target
|
malware
|
|
gptkbp:vulnerableTo
|
credential dumping attacks
|
|
gptkbp:bfsParent
|
gptkb:Windows_Defender_Credential_Guard_for_Virtualization-Based_Security
|
|
gptkbp:bfsLayer
|
8
|