Prelude TTP browser
Dump LSASS memory
Tactic: Credential-access
Community
This is a community level chain. Download Prelude Operator to use this chain for free.
LSASS is a Windows process that enforces security policies. Its contents are held in memory and can be dumped to disk, often as a precursor to analyzing the dump with a credential dumper like Mimikatz.
Authors
privateducky
mitre
Test this TTP
Download Operator (1.7.1)