Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

Lslsass

Lslsass is a publicly-available tool that can dump active logon session password hashes from the lsass process. [1]

ID: S0121
Aliases: Lslsass
Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1003Credential DumpingLslsass can dump active logon session password hashes from the lsass process.[1]

Groups

Groups that use this software:

APT1

References