|
gptkbp:instanceOf
|
Process
|
|
gptkbp:abbreviation
|
gptkb:Local_Security_Authority_Subsystem_Service
|
|
gptkbp:category
|
security subsystem
|
|
gptkbp:criticalFor
|
true
|
|
gptkbp:executableName
|
lsass.exe
|
|
gptkbp:fullName
|
gptkb:Local_Security_Authority_Subsystem_Service
|
|
gptkbp:function
|
creates access tokens
enforces security policy on Windows systems
handles password changes
manages Active Directory authentication
verifies users logging on to a Windows computer
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
NT LSASS
|
|
gptkbp:introducedIn
|
gptkb:Windows_NT
|
|
gptkbp:location
|
C:\\Windows\\System32\\lsass.exe
|
|
gptkbp:monitors
|
gptkb:Windows_Task_Manager
|
|
gptkbp:operatingSystem
|
gptkb:Microsoft_Windows
|
|
gptkbp:parentProcess
|
wininit.exe
|
|
gptkbp:relatedTo
|
gptkb:Kerberos_authentication
gptkb:Active_Directory
gptkb:NTLM_authentication
SAM database
|
|
gptkbp:runsOn
|
gptkb:Windows_8
gptkb:Windows_10
gptkb:Windows_11
gptkb:Windows_7
gptkb:Windows_Server
Process
|
|
gptkbp:terminationEffect
|
system shutdown
|
|
gptkbp:vulnerableTo
|
pass-the-hash attacks
credential dumping attacks
|
|
gptkbp:bfsParent
|
gptkb:Windows_NT_operating_system
|
|
gptkbp:bfsLayer
|
7
|