Statements (23)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:cybersecurity_technique
|
| gptkbp:canExtract |
gptkb:Kerberos_tickets
gptkb:NTLM_hashes plaintext passwords |
| gptkbp:category |
post-exploitation technique
|
| gptkbp:countermeasures |
gptkb:Credential_Guard
gptkb:Endpoint_Detection_and_Response LSA Protection |
| gptkbp:detects |
security monitoring tools
|
| gptkbp:documentedIn |
MITRE ATT&CK T1003.001
|
| gptkbp:enables |
lateral movement
privilege escalation |
| gptkbp:relatedTo |
gptkb:Windows_operating_system
credential dumping |
| gptkbp:requires |
administrator privileges
|
| gptkbp:target |
gptkb:Local_Security_Authority_Subsystem_Service
|
| gptkbp:usedBy |
attackers
|
| gptkbp:uses |
gptkb:Mimikatz
ProcDump Windows Credential Editor |
| gptkbp:bfsParent |
gptkb:CrackMapExec
|
| gptkbp:bfsLayer |
8
|
| https://www.w3.org/2000/01/rdf-schema#label |
LSA secret dumping
|