This playbook is focused on detecting Credential Dumping attack as researched by Accenture Security analysts and engineers.
LSASS Credential Dumping
Credential dumping is an attack technique in which an attacker extracts authentication material such as usernames, password hashes, Kerberos tickets and, in some configurations, cleartext passwords. When a user logs on to Windows, the Local Security Authority Subsystem Service (lsass.exe) caches that material in its process memory so the user is not prompted again every time a network service is used (single sign-on). Anyone who can read LSASS memory can harvest it; that requires local administrator rights (specifically SeDebugPrivilege) or running as SYSTEM, so the technique normally follows privilege escalation rather than initial access. MITRE ATT&CK tracks it as T1003.001 (OS Credential Dumping: LSASS Memory).
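The detection the playbook automates rests on one observable: a process other than the usual Windows components opening a handle to lsass.exe with rights sufficient to read its memory. The following Python is an added example of that logic, written for this page; it is not part of the Accenture playbook or of any Cortex XSOAR content. It runs over constructed Sysmon Event ID 10 (ProcessAccess) records flattened to `Key=Value;Key=Value` lines (the CallTrace field keeps Sysmon's own `|` frame separator). Field names follow Sysmon, the access-right constants follow winnt.h, and the allowlist of benign source images is an assumption that a real deployment tunes from baselining.

```python
"""Flag suspicious handle opens against lsass.exe from Sysmon ProcessAccess records.

Added example for this page, not Accenture or Cortex XSOAR code. Sample records
below are constructed, and BENIGN_SOURCES is an assumption to be tuned per estate.
"""
from dataclasses import dataclass

# PROCESS_* rights from winnt.h. Reading another process's memory needs
# PROCESS_VM_READ together with a query right; LSASS dumping tools typically
# request 0x1010, 0x1410 or PROCESS_ALL_ACCESS.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Images that open lsass.exe with read rights during normal operation.
# Assumption for the example: EDR/AV agents usually belong here too.
BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

# DLLs that implement MiniDumpWriteDump. Seeing one in the CallTrace of a
# handle open on lsass.exe is a widely used dump indicator, so it is checked
# before the allowlist: a dump driven through an allowlisted host process is
# still reported.
DUMP_DLLS = ("dbghelp.dll", "dbgcore.dll", "comsvcs.dll")


@dataclass
class Finding:
    source_image: str
    granted_access: int
    reason: str


def parse_event(line):
    """Turn 'Key=Value;Key=Value' into a dict keyed by Sysmon field names."""
    fields = {}
    for part in line.split(";"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def reads_memory(mask):
    """True if the granted access mask is enough to read process memory."""
    if mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
        return True
    query_bits = PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION
    return bool(mask & PROCESS_VM_READ) and bool(mask & query_bits)


def evaluate(event):
    """Return a Finding for a suspicious lsass.exe handle open, else None."""
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return None
    source = event.get("SourceImage", "")
    granted = int(event.get("GrantedAccess", "0"), 16)
    trace = event.get("CallTrace", "").lower()
    dump_dll = next((d for d in DUMP_DLLS if d in trace), None)
    if dump_dll:
        return Finding(source, granted, f"{dump_dll} in call trace (MiniDumpWriteDump)")
    if source.lower() in BENIGN_SOURCES:
        return None
    if reads_memory(granted):
        return Finding(source, granted, f"memory-read access 0x{granted:X} from unexpected image")
    return None


def scan(lines):
    """Evaluate every record and keep the findings, in input order."""
    return [f for f in (evaluate(parse_event(line)) for line in lines) if f]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # Normal: csrss.exe holds full access to lsass.exe on every Windows host.
    r"SourceImage=C:\Windows\System32\csrss.exe;TargetImage=C:\Windows\System32\lsass.exe"
    r";GrantedAccess=0x1FFFFF;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d4a4",
    # Normal: query-limited only, no PROCESS_VM_READ, cannot read memory.
    r"SourceImage=C:\Windows\explorer.exe;TargetImage=C:\Windows\System32\lsass.exe"
    r";GrantedAccess=0x1000;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d4a4",
    # Dump via procdump: full access and dbgcore.dll on the stack.
    r"SourceImage=C:\Windows\Temp\procdump64.exe;TargetImage=C:\Windows\System32\lsass.exe"
    r";GrantedAccess=0x1FFFFF;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d4a4|C:\Windows\SYSTEM32\dbgcore.dll+2a1b",
    # Dump via rundll32 comsvcs.dll MiniDump.
    r"SourceImage=C:\Windows\System32\rundll32.exe;TargetImage=C:\Windows\System32\lsass.exe"
    r";GrantedAccess=0x1FFFFF;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d4a4|C:\Windows\System32\comsvcs.dll+1c2b0",
    # Unknown binary asking for 0x1010 (QUERY_LIMITED | VM_READ), the mask
    # Mimikatz-style tools use to read LSASS memory.
    r"SourceImage=C:\Users\bob\Downloads\mk.exe;TargetImage=C:\Windows\System32\lsass.exe"
    r";GrantedAccess=0x1010;CallTrace=C:\Windows\SYSTEM32\ntdll.dll+9d4a4",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.source_image}: {finding.reason}")
```

Three of the five constructed records are reported (procdump64.exe, rundll32.exe and mk.exe); the csrss.exe and explorer.exe records are not. The two-stage order matters: matching on the dump DLLs before consulting the allowlist keeps an attacker from hiding behind a trusted host process, while the allowlist keeps the access-mask rule from paging on every boot.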
CONTENT
Name | Description
---|---
LSASS Credential Dumping | This playbook is focused on detecting Credential Dumping attacks as researched by Accenture Security analysts and engineers.
DEPENDENCIES
Pack Name | Pack By
---|---
Base | Cortex XSOAR
Carbon Black Cloud Enterprise EDR | Cortex XSOAR
Tanium Threat Response | Cortex XSOAR
Common Scripts | Cortex XSOAR
Common Playbooks | Cortex XSOAR

Pack Name | Pack By
---|---
ServiceNow | Cortex XSOAR
Splunk | Cortex XSOAR

Pack Name | Pack By
---|---
Common Scripts | Cortex XSOAR
Filters And Transformers | Cortex XSOAR
Tanium Threat Response | Cortex XSOAR
Carbon Black Cloud Enterprise EDR | Cortex XSOAR
Base | Cortex XSOAR
Cortex REST API | Cortex XSOAR
Rasterize | Cortex XSOAR
Common Playbooks | Cortex XSOAR
INFO
Supported By | Community
---|---
Created | January 27, 2021
Last Release | May 2, 2023