Local Security Authority Subsystem Service

GPTKB entity

Statements (30)
Predicate Object
gptkbp:instanceOf Process
gptkbp:abbreviation gptkb:LSASS
gptkbp:category gptkb:security
gptkbp:criticalFor true
gptkbp:developedBy gptkb:Microsoft
gptkbp:exploits gptkb:Mimikatz
credential theft malware
gptkbp:firstAppearance gptkb:Windows_NT
gptkbp:function creates access tokens
enforces security policy on Windows systems
handles password changes
manages Active Directory authentication
verifies users logging on to a Windows computer
https://www.w3.org/2000/01/rdf-schema#label Local Security Authority Subsystem Service
gptkbp:location C:\\Windows\\System32\\lsass.exe
gptkbp:monitors gptkb:Windows_Task_Manager
gptkbp:operatingSystem gptkb:Microsoft_Windows
gptkbp:processName lsass.exe
gptkbp:relatedTo gptkb:Kerberos_authentication
gptkb:NTLM_authentication
Windows logon process
SAM database
gptkbp:runsOn SYSTEM account
gptkbp:subject Windows security updates
gptkbp:terminationEffect system shutdown
gptkbp:vulnerableTo credential dumping attacks
gptkbp:bfsParent gptkb:Security_Account_Manager
gptkb:LSASS_memory
gptkb:LSASS
gptkbp:bfsLayer 7