-
lsassy 1.0.0 is finally out !
Remotely dump #lsass **with built-in Windows tools only**, procdump is no longer necessary
Remotely parse lsass dumps to extract credentials
Link to #Bloodhound to detect compromised users with path to Domain Admin https://github.com/Hackndo/lsassy pic.twitter.com/vljW7swZGr
-
Lsass.exe io v high on xenapp servers. Why? Can an1 shed some light?
#lsass what are acceptable io numbers? -
Other users with Nasty virus on PC
@DivasMistress @rachky @nasty_virus @meritsolutions @RandySpangler #jjypwllo #lsass #nastyvirus -
-
Update Protection against #Microsoft #ActiveDirectory #LSASS Recursive Stack Overflow Vulnerability (MS09-066) http://bit.ly/3TGiO7 -
Remotely parse #lsass dumps and extract #credentials https://github.com/Hackndo/lsassy -
Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments http://j.mp/2Zl6rCa
#Lsass pic.twitter.com/L1tdG1XXjC -
Understanding how #Mimikatz deals with #LSASS and countermeasure @ArnaudLheureux @squastana @gentilkiwi @msftsecurity http://fr.scribd.com/doc/235639383/Mimikatz-presentation-LSASS-et-contre-mesures-tuto-de-A-a-Z … -
Enabling #LSASS Protection is also possible with Group Policies, it probably changes the exact same regkey - just makes deployment that much easier. It also forms a part of the Security Baselines for Customers #security #backtobasics pic.twitter.com/GpKQfAkl2s
-
#Spraykatz v0.9.6 is out! • Quickly retrieve #credentials from distant machines by remotely #procdump and parse #lsass • https://github.com/aas-n/spraykatz pic.twitter.com/sJMrLSIwnS -
It does so by accessing the credentials in memory, within the Windows process #LSASS. These credentials can be reused to give access to other machines in a network. -
#Spraykatz v0.9.7 is out! Credentials gathering tool automating remote #procdump and parse of #lsass process to avoid AVs.
https://github.com/aas-n/spraykatz
pic.twitter.com/LTMGeNBpQH -
#LSASS doesn't typically spawn other services, so it was particularly suspicious when it was recently observed launching rundll32.exe. https://redcanary.com/blog/lsass-behaving-badly/ … -
In this last article about privilege escalation in Windows domains, we demonstrate how to extract credentials from running systems to compromise high-privileged accounts. https://blog.compass-security.com/2019/08/privilege-escalation-in-windows-domains-3-3/ …
#privesc #lsass #mimikatz pic.twitter.com/fVT2nYdDLY
-
Thanks to the outstanding @volatility the #ProcessHollowing in #stuxnet is like a snowflake in a red-hot furnace!!! #dfir #malware #evadedetection #threats #ThreatHunting #threatintelligence #codeinjection #p4wn #exploit #exploitation #lsass #memoryforensics #volatility pic.twitter.com/3oyQlPDLgo
-
I JUST SAW A GIRL'S BUTT. HER WHOLE BUTT.
#loyolastudentsagainstshortshorts #LSASS -
What is LSASS? - lsass.exe is part of the security system that comes along with Microsoft... http://is.gd/WJ7U4H
#lsass #lsassexe -
Crash Remote #LSASS MS16-137 #PatchTuesday CVE-2016-7237 Affected: from WinXP to Win10 #Suricata rules and pcap: https://github.com/ptresearch/AttackDetection/tree/master/CVE-2016-7237 … -
First poster is up. Gotta get #LSASS and #WSA up there too. Smh man I have the dope at covers pic.twitter.com/ESrhpKBXiR
I tried to disable it by resetting the RunAsPPL registry key to 0, and rebooting. But LSASS was still protected
I finally discovered why... 