
Credential Access

LSASS Access

  • OpenProcess (target: lsass.exe)

  • MiniDumpWriteDump

  • ReadProcessMemory


Token Theft

  • OpenProcessToken

  • DuplicateTokenEx

  • ImpersonateLoggedOnUser

  • SetThreadToken