GPTKB
Browse
Query
Compare
Download
Publications
Contributors
Search
Local Security Authority Process
URI:
https://gptkb.org/entity/Local_Security_Authority_Process
GPTKB entity
Statements (29)
Predicate
Object
gptkbp:instanceOf
Process
gptkbp:alsoKnownAs
lsass.exe
gptkbp:canBe
gptkb:Mimikatz
credential theft malware
gptkbp:category
Windows API
Windows security
gptkbp:criticalFor
true
gptkbp:developedBy
gptkb:Microsoft
gptkbp:executableName
lsass.exe
gptkbp:firstAppearance
gptkb:Windows_NT
https://www.w3.org/2000/01/rdf-schema#label
Local Security Authority Process
gptkbp:integrityLevel
high
gptkbp:location
C:\\Windows\\System32\\lsass.exe
gptkbp:monitors
gptkb:Windows_Task_Manager
gptkbp:operatingSystem
gptkb:Microsoft_Windows
gptkbp:purpose
creates access tokens
enforces security policy on Windows systems
handles password changes
manages Active Directory authentication
verifies users logging on to a Windows computer
gptkbp:relatedTo
gptkb:Kerberos_authentication
gptkb:Active_Directory
gptkb:NTLM_authentication
Windows logon process
gptkbp:runsOn
SYSTEM account
gptkbp:terminationEffect
system shutdown
gptkbp:vulnerableTo
credential dumping attacks
gptkbp:bfsParent
gptkb:LSASS
gptkbp:bfsLayer
7