Showing Articles About
lsass
-
Robert Bearsby Timo Hirvonen - 14 Feb 2020
Rethinking Credential Theft
Physmem2profit is a novel red team tool for credential theft that bypasses traditional LSASS process monitoring. The tool allows remote extraction of credential material by exposing and analyzing physical memory without directly interacting with the LSASS process. It provides an alternative approach to credential theft by leveraging memory forensics techniques on Windows systems.