LSASS process

GPTKB entity

Statements (58)
Predicate Object
gptkbp:instanceOf Process
gptkbp:abbreviation gptkb:LSASS
gptkbp:canBeDumpedBy gptkb:Windows_Error_Reporting
gptkb:Mimikatz
gptkb:Task_Manager
ProcDump
gptkbp:canBeRestartedBy system reboot
gptkbp:category Windows API
Windows security
Windows authentication
gptkbp:crashesResultIn system shutdown
forced logoff
gptkbp:criticalFor system security
gptkbp:developedBy gptkb:Microsoft
gptkbp:executableName lsass.exe
gptkbp:fileLocation C:\\Windows\\System32\\lsass.exe
gptkbp:fullName gptkb:Local_Security_Authority_Subsystem_Service
https://www.w3.org/2000/01/rdf-schema#label LSASS process
gptkbp:introducedIn gptkb:Windows_NT
gptkbp:monitors gptkb:Sysinternals_tools
gptkb:Performance_Monitor
gptkb:Windows_Task_Manager
gptkb:Event_Viewer
gptkbp:numberOfLocations user credentials
Active Directory data (on domain controllers)
gptkbp:operatingSystem gptkb:Windows
gptkbp:protectedBy gptkb:Credential_Guard
LSA Protection (RunAsPPL)
gptkbp:responsibleFor password changes
creating access tokens
enforcing security policy on Windows systems
handling user logins
verifying users for local and remote logins
gptkbp:restartEffect system reboot or forced logoff
gptkbp:runsOn SYSTEM account
gptkbp:service gptkb:LSASS
gptkbp:serviceDependencies nan
gptkbp:serviceDisplayName gptkb:Local_Security_Authority_Process
gptkbp:serviceStartupType Automatic
gptkbp:serviceType gptkb:Win32_service
gptkbp:status Running
gptkbp:supportsProtocol gptkb:CredSSP
gptkb:Kerberos
gptkb:NTLM
gptkb:Digest
gptkb:MSV1_0
gptkb:SChannel
SSP
Negotiate
CloudAP
LiveSSP
PKU2U
TSPKG
WDigest
gptkbp:target malware
gptkbp:vulnerableTo credential dumping attacks
gptkbp:bfsParent gptkb:Windows_Defender_Credential_Guard_for_Virtualization-Based_Security
gptkbp:bfsLayer 8