{"title":"RASP for LSASS: Preventing Mimikatz-Related Attacks","authors":"Anna Revazova, Igor Korkin","doi":"arxiv-2401.00316","DOIUrl":null,"url":null,"abstract":"The Windows authentication infrastructure relies on the Local Security\nAuthority (LSA) system, with its integral component being lsass.exe.\nRegrettably, this framework is not impervious, presenting vulnerabilities that\nattract threat actors with malicious intent. By exploiting documented\nvulnerabilities sourced from the CVE database or leveraging sophisticated tools\nsuch as mimikatz, adversaries can successfully compromise user password-address\ninformation. In this comprehensive analysis, we delve into proactive measures aimed at\nfortifying the local authentication subsystem against potential threats.\nMoreover, we present empirical evidence derived from practical assessments of\nvarious defensive methodologies, including those articulated previously. This\nexamination not only underscores the importance of proactive security measures\nbut also assesses the practical efficacy of these strategies in real-world\ncontexts.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"62 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Operating Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2401.00316","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The Windows authentication infrastructure relies on the Local Security
Authority (LSA) system, with its integral component being lsass.exe.
Regrettably, this framework is not impervious, presenting vulnerabilities that
attract threat actors with malicious intent. By exploiting documented
vulnerabilities sourced from the CVE database or leveraging sophisticated tools
such as mimikatz, adversaries can successfully compromise user password-address
information. In this comprehensive analysis, we delve into proactive measures aimed at
fortifying the local authentication subsystem against potential threats.
Moreover, we present empirical evidence derived from practical assessments of
various defensive methodologies, including those articulated previously. This
examination not only underscores the importance of proactive security measures
but also assesses the practical efficacy of these strategies in real-world
contexts.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
