This playbook is focused on detecting Credential Dumping attack as researched by Accenture Security analysts and engineers.
LSASS Credential Dumping
- Version History
- Download With Dependencies
Credential Dumping is an attack technique where attackers extract user authentication credentials such as usernames and passwords. When users log on to a system, the credentials get stored in the memory process Local Security Authority Subsystem Service (LSASS). Both administrative users and SYSTEM can harvest these credentials. This attack is only possible because operating systems store credentials in memory to save users from having to enter credentials whenever they want to use a service.
|Created||January 27, 2021|
|Last Release||December 21, 2021|