User passwords are stored in a hashed format in the SAM registry hive either as an LM hash or an NT hash, depending on Group Policy settings. The Security Account Manager (SAM) is a particular registry hive that stores credentials and account information for local users. A registry hive is a section in the registry that contains registry keys, subkeys, and registry values. The Windows Registry is a collection of databases that stores low-level configuration settings and settings for applications. One place of particular interest for an attacker is the Windows Registry. ![]() Extracting Account information from Windows Registry By obtaining additional credentials, an attacker could look to move laterally in the environment by utilizing these credentials to compromise additional systems or services. One of these techniques is OS credential dumping, and some relevant areas of interest are the Windows Registry and the LSASS process memory. There are several post-exploitation techniques that an attacker can utilize to gather information and compromise assets.
0 Comments
Leave a Reply. |