RASP for LSASS: Preventing Mimikatz-Related Attacks
Abstract
The Windows authentication infrastructure relies on the Local Security Authority (LSA) system, with its integral component being lsass.exe. Regrettably, this framework is not impervious, presenting vulnerabilities that attract threat actors with malicious intent. By exploiting documented vulnerabilities sourced from the CVE database or leveraging sophisticated tools such as mimikatz, adversaries can successfully compromise user password-address information. In this comprehensive analysis, we delve into proactive measures aimed at fortifying the local authentication subsystem against potential threats. Moreover, we present empirical evidence derived from practical assessments of various defensive methodologies, including those articulated previously. This examination not only underscores the importance of proactive security measures but also assesses the practical efficacy of these strategies in real-world contexts.
Turn this paper into a full lesson
ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.