Local Security Authority Process

GPTKB entity

Statements (29)
Predicate Object
gptkbp:instanceOf Process
gptkbp:alsoKnownAs lsass.exe
gptkbp:canBe gptkb:Mimikatz
credential theft malware
gptkbp:category Windows API
Windows security
gptkbp:criticalFor true
gptkbp:developedBy gptkb:Microsoft
gptkbp:executableName lsass.exe
gptkbp:firstAppearance gptkb:Windows_NT
https://www.w3.org/2000/01/rdf-schema#label Local Security Authority Process
gptkbp:integrityLevel high
gptkbp:location C:\\Windows\\System32\\lsass.exe
gptkbp:monitors gptkb:Windows_Task_Manager
gptkbp:operatingSystem gptkb:Microsoft_Windows
gptkbp:purpose creates access tokens
enforces security policy on Windows systems
handles password changes
manages Active Directory authentication
verifies users logging on to a Windows computer
gptkbp:relatedTo gptkb:Kerberos_authentication
gptkb:Active_Directory
gptkb:NTLM_authentication
Windows logon process
gptkbp:runsOn SYSTEM account
gptkbp:terminationEffect system shutdown
gptkbp:vulnerableTo credential dumping attacks
gptkbp:bfsParent gptkb:LSASS
gptkbp:bfsLayer 7