Skip to main content

LSASS Credential Dumping

Download With Dependencies

Credential Dumping is an attack technique where attackers extract user authentication credentials such as usernames and passwords. When users log on to a system, the credentials get stored in the memory process Local Security Authority Subsystem Service (LSASS). Both administrative users and SYSTEM can harvest these credentials. This attack is only possible because operating systems store credentials in memory to save users from having to enter credentials whenever they want to use a service.

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported ByCommunity
CreatedJanuary 27, 2021
Last ReleaseMay 2, 2023
Identity And Access Management
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.