LSASS.exe is the ultimate process to hack and it’s easy to compromise

Channel: Security Craftsman
Published: 2021-05-07 13:41:39
Views: 11,466

LSASS.exe is the Local Security Authority Subsystem Service (LSASS), a process in Microsoft Windows operating systems that enforces the security policies on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. This is how SSO across a Windows network happens: the tokens are stored in your computer's memory, where LSASS runs.

I show how to access LSASS from your task manager and dump the credentials running in memory to a file. We run this file through Mimikatz to find the passwords and keys stored on a machine. Pen testers use this to test for vulnerabilities and unfortunately hackers use similar methods to steal from you.

In my opinion the best way to protect machines across an enterprise beyond use of EDR and AV is by following a concept of least privilege:
Restrict Access to Local Admin Account
Control Processes Application Can Access
Just In Time Access = GOOD UX
MFA = Correct User
Call Someone Like Me
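
As an added example (not from the video or its author), a defender can watch for the memory access described above through Sysmon's ProcessAccess event (Event ID 10). The sample events, the allowlist entry and the function names are constructed for illustration; only the Sysmon field names and the PROCESS_VM_READ access right are real.

```python
# Constructed sample records shaped like Sysmon Event ID 10 (ProcessAccess).
# Field names follow Sysmon's schema; every value is made up for this example.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\Downloads\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

# Windows access right required to read another process's memory.
PROCESS_VM_READ = 0x0010

# Hypothetical allowlist: tools this environment expects to read LSASS memory.
ALLOWED_READERS = {r"c:\program files\example edr\agent.exe"}


def is_lsass(path):
    """True when the image path points at lsass.exe (case-insensitive)."""
    return path.lower().endswith("\\lsass.exe")


def suspicious_lsass_reads(events, allowed=ALLOWED_READERS):
    """Return (source image, granted access) for non-allowlisted processes
    that opened lsass.exe with the right to read its memory."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 10 or not is_lsass(ev.get("TargetImage", "")):
            continue
        source = ev.get("SourceImage", "")
        raw = ev.get("GrantedAccess", "")
        try:
            readable = bool(int(raw, 16) & PROCESS_VM_READ)
        except ValueError:
            readable = True  # fail closed: report a mask that cannot be parsed
        if readable and source.lower() not in allowed:
            hits.append((source, raw))
    return hits


if __name__ == "__main__":
    for source, access in suspicious_lsass_reads(SAMPLE_EVENTS):
        print(f"LSASS memory read: {source} (GrantedAccess={access})")
```
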

Connect with me on LinkedIn: https://www.linkedin.com/in/briankrause/