Search For Content
Search Result
2 item(s) found so far for this keyword.
Modify Authentication Process
![Defense Evasion [Mitre] icon](/media/2024/04/08/icons8-burglar.svg){kind=small}
Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts. The authentication process is handled by mechanisms, such as the Local Security Authentication Server (LSASS) process and the Security Accounts Manager (SAM) on Windows, responsible for gathering, storing, and validating credentials. By modifying an authentication process, an adversary may be able to …
Read moreModify Authentication Process: Password Filter DLL
Adversaries may register malicious password filter dynamic link libraries (DLLs) into the authentication process to acquire user credentials as they are validated.
Windows password filters are password policy enforcement mechanisms for both domain and local accounts. Filters are implemented as DLLs containing a method to validate potential passwords against password policies. Filter DLLs can be positioned on local computers …
Read more