Security Support Providers (SSPs) and Authentication Packages (APs)

Secondary Categories: 02-Persistence

Malicious security support providers can help provide a means of persisting a network, or permissions as it is similar to a security package. A user-mode security extension used to perform authentication during a client/server exchange.

An authenticated package (AP) is used to extend interactive login authentication. An example of this is RSA token based authentication.

SSPs and APs are loaded into lsass at boot.

You can install your own SSP and it will be loaded into lsass.exe

In order to develop you own SSP DLL that can be loaded into lsass the only exported function you need is SpLsaModeInitialize and can be used to capture usernames and passwords

The DLL can be installed using Powersploit’s persistence module

Resources:

Title	URL
	https://github.com/gentilkiwi/mimikatz/tree/master/mimilib

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Security Support Providers (SSPs) and Authentication Packages (APs)

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer