Secondary Categories: 02-Persistence
A malicious security support provider (SSP) can provide a means of persisting on a network, or of keeping permissions. An SSP is similar to a security package: a user-mode security extension used to perform authentication during a client/server exchange.
An authentication package (AP) is used to extend interactive login authentication. An example of this is RSA token-based authentication.
SSPs and APs are loaded into lsass at boot.
You can install your own SSP and it will be loaded into lsass.exe.
To develop your own SSP DLL that can be loaded into lsass, the only exported function you need is SpLsaModeInitialize. Such a DLL can be used to capture usernames and passwords.
The DLL can be installed using PowerSploit's persistence module.
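A defensive check for the behaviour described above, as an added example that is not part of the original notes: it lists the SSP and AP entries lsass.exe is configured to load and flags any that fall outside a baseline. The registry locations (the `Security Packages` and `Authentication Packages` values under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`) are not named on the page, and the baseline list and the `Get-LsaPackageAudit` name are assumptions to adapt.

```powershell
# Added example: list the packages lsass.exe is configured to load at boot.
# The baseline is an assumed set of in-box names; replace it with your gold image.
function Get-LsaPackageAudit {
    [CmdletBinding()]
    param(
        [string[]]$Baseline = @('kerberos', 'msv1_0', 'schannel', 'wdigest', 'tspkg', 'pku2u')
    )

    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $targets = @(
        @{ Path = $lsa;            Value = 'Security Packages' },
        @{ Path = "$lsa\OSConfig"; Value = 'Security Packages' },
        @{ Path = $lsa;            Value = 'Authentication Packages' }
    )

    foreach ($t in $targets) {
        $valueName = $t.Value
        $prop = Get-ItemProperty -Path $t.Path -Name $valueName -ErrorAction SilentlyContinue
        if (-not $prop) { continue }

        foreach ($entry in @($prop.$valueName)) {
            # Skip blank entries; some builds store a literal "" as an empty list.
            $name = "$entry".Trim().Trim('"')
            if (-not $name) { continue }

            # Assumption: a bare name maps to <name>.dll in System32; a full path is used as given.
            $file = if ($name -match '\.dll$') { $name } else { "$name.dll" }
            $path = if (Split-Path -Path $file -IsAbsolute) { $file } else {
                Join-Path $env:SystemRoot "System32\$file"
            }

            $exists = Test-Path -LiteralPath $path
            $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }

            [pscustomobject]@{
                RegistryValue = "$($t.Path)\$valueName"
                Package       = $name
                InBaseline    = $Baseline -contains ([IO.Path]::GetFileNameWithoutExtension($file))
                DllPath       = $path
                Exists        = $exists
                Signature     = if ($sig) { $sig.Status } else { 'n/a' }
                Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# Show only entries outside the baseline, which are the ones to review first.
Get-LsaPackageAudit | Where-Object { -not $_.InBaseline } | Format-Table -AutoSize
```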