LSA Secrets
https://attack.mitre.org/techniques/T1003/004/
ATT&CK ID: T1003.004
Permissions Required: SYSTEM
Description
Adversaries with SYSTEM access to a host may attempt to access Local Security Authority (LSA) secrets, which can contain a variety of different credential materials, such as credentials for service accounts. LSA secrets are stored in the registry at HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets
. LSA secrets can also be dumped from memory.
Techniques
Crackmapexec
Metasploit
Mimikatz
Last updated