{"title":"LSASS 的 RASP:防止与 Mimikatz 相关的攻击","authors":"Anna Revazova, Igor Korkin","doi":"arxiv-2401.00316","DOIUrl":null,"url":null,"abstract":"The Windows authentication infrastructure relies on the Local Security\nAuthority (LSA) system, with its integral component being lsass.exe.\nRegrettably, this framework is not impervious, presenting vulnerabilities that\nattract threat actors with malicious intent. By exploiting documented\nvulnerabilities sourced from the CVE database or leveraging sophisticated tools\nsuch as mimikatz, adversaries can successfully compromise user password-address\ninformation. In this comprehensive analysis, we delve into proactive measures aimed at\nfortifying the local authentication subsystem against potential threats.\nMoreover, we present empirical evidence derived from practical assessments of\nvarious defensive methodologies, including those articulated previously. This\nexamination not only underscores the importance of proactive security measures\nbut also assesses the practical efficacy of these strategies in real-world\ncontexts.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"62 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"RASP for LSASS: Preventing Mimikatz-Related Attacks\",\"authors\":\"Anna Revazova, Igor Korkin\",\"doi\":\"arxiv-2401.00316\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Windows authentication infrastructure relies on the Local Security\\nAuthority (LSA) system, with its integral component being lsass.exe.\\nRegrettably, this framework is not impervious, presenting vulnerabilities that\\nattract threat actors with malicious intent. By exploiting documented\\nvulnerabilities sourced from the CVE database or leveraging sophisticated tools\\nsuch as mimikatz, adversaries can successfully compromise user password-address\\ninformation. In this comprehensive analysis, we delve into proactive measures aimed at\\nfortifying the local authentication subsystem against potential threats.\\nMoreover, we present empirical evidence derived from practical assessments of\\nvarious defensive methodologies, including those articulated previously. This\\nexamination not only underscores the importance of proactive security measures\\nbut also assesses the practical efficacy of these strategies in real-world\\ncontexts.\",\"PeriodicalId\":501333,\"journal\":{\"name\":\"arXiv - CS - Operating Systems\",\"volume\":\"62 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-12-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Operating Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2401.00316\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Operating Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2401.00316","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
Windows 身份验证基础架构依赖于本地安全授权(LSA)系统,其不可或缺的组成部分是 lsass.exe。遗憾的是,这个框架并不是无懈可击的,它所存在的漏洞吸引着怀有恶意的威胁者。通过利用 CVE 数据库中记录的漏洞或利用 mimikatz 等复杂工具,对手可以成功入侵用户密码地址信息。在这篇综合分析报告中,我们深入探讨了旨在加强本地身份验证子系统应对潜在威胁的前瞻性措施。此外,我们还介绍了对各种防御方法(包括之前阐述的方法)进行实际评估后得出的经验证据。这项研究不仅强调了主动安全措施的重要性,还评估了这些策略在现实环境中的实际效果。
RASP for LSASS: Preventing Mimikatz-Related Attacks
The Windows authentication infrastructure relies on the Local Security
Authority (LSA) system, with its integral component being lsass.exe.
Regrettably, this framework is not impervious, presenting vulnerabilities that
attract threat actors with malicious intent. By exploiting documented
vulnerabilities sourced from the CVE database or leveraging sophisticated tools
such as mimikatz, adversaries can successfully compromise user password-address
information. In this comprehensive analysis, we delve into proactive measures aimed at
fortifying the local authentication subsystem against potential threats.
Moreover, we present empirical evidence derived from practical assessments of
various defensive methodologies, including those articulated previously. This
examination not only underscores the importance of proactive security measures
but also assesses the practical efficacy of these strategies in real-world
contexts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
