all InfoSec news
Various LSASS Credentials Dumping Methods Detected by EDR
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab SEcurity intelligence Center (ASEC) has posted the blog “Account Credentials Theft in Domain Environments Detected by EDR” [1] that discusses attackers stealing account credentials after dominating the system in an Active Directory environment. Among the account credential theft method, it will cover in detail the various techniques of dumping NT Hash (a hash used for NTLM authentication protocol) saved in the LSASS process memory.
The account credential is saved in the LSASS process memory. The attacker dumps the process …
account active directory ahnlab asec attackers blog center credential credentials credentials theft credential theft directory domain dumping edr environment environments hash intelligence lsass malware analysis security security intelligence stealing system techniques theft