“Draft:Credential Guard”的意思、由来-开放百科全书

After compromising a system, attackers often attempt to extract any stored credentials for further lateral movement through the network. A prime target is the LSASS process, which stores NTLM and Kerberos credentials. Credential Guard protects LSASS by running it in a virtualized container that even a user with SYSTEM privileges cannot access.^[5] The system then creates a proxy process called LSAIso (LSA Isolated) for communication with the virtualized LSASS process.^[6]

Bypass Techniques

There are several generic techniques for stealing credentials on systems with Credential Guard:

References

1. ^¹{{cite web |url=https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=cfGBPlIyC_9404300474|title=Deep Dive into Credential Guard, Credential Theft & Lateral Traversal |website=Microsoft Virtual Academy|access-date=17 September 2018}}
2. ^¹{{cite web |url=https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified/|title=Windows 10 Device Guard and Credential Guard Demystified|website=Microsoft TechNet, Ash's blog|access-date=17 September 2018}}
3. ^¹²{{cite web |url=https://blog.nviso.be/2018/01/09/windows-credential-guard-mimikatz/|title=Windows Credential Guard & Mimikatz|website=nviso labs|access-date=14 September 2018|date=2018-01-09}}
4. ^¹{{cite web |url=https://docs.microsoft.com/en-us/windows/desktop/w8cookbook/third-party-security-support-providers-with-credential-guard|title=Third party Security Support Providers with Credential Guard|website=Windows Dev Center|access-date=14 September 2018}}
5. ^¹{{cite web |url=https://www.andreafortuna.org/dfir/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/|title=Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack|website=andreafortuna.org|access-date=5 November 2018}}
6. ^¹{{cite web |url=https://www.blackhat.com/docs/us-16/materials/us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp.pdf|title=Analysis of the attack surface of windows 10 virtualization-based security|website=blackhat.com|access-date=13 November 2018}}
7. ^¹{{cite web |url=https://insights.adaptiva.com/2018/windows-10-credential-guard-security/|title=Credential Guard Cheat Sheet|website=insights.adaptiva.com|access-date=13 November 2018}}

词条	Draft:Credential Guard
释义	Summary Bypass Techniques References {{AFC submission\|t\|\|ts=20181103024042\|u=Maslen\|ns=118\|demo=}}{{third party\|date=November 2018}}Credential Guard is a virtualization-based isolation technology for LSASS which prevents attackers from stealing credentials that could be used for pass the hash attacks.^[2]^[3] Credential Guard was introduced with Microsoft's Windows 10 operating system. Summary After compromising a system, attackers often attempt to extract any stored credentials for further lateral movement through the network. A prime target is the LSASS process, which stores NTLM and Kerberos credentials. Credential Guard protects LSASS by running it in a virtualized container that even a user with SYSTEM privileges cannot access.^[5] The system then creates a proxy process called LSAIso (LSA Isolated) for communication with the virtualized LSASS process.^[6] Bypass Techniques There are several generic techniques for stealing credentials on systems with Credential Guard: A keylogger running on the system will capture any typed passwords.^[7] A user with administrator privileges can install a new Security Support Provider (SSP). The new SSP will not be able to access stored password hashes, but will be able to capture all passwords after the SSP is installed.^[7]^[9] Extract stored credentials from another source, as is performed in the "Internal Monologue" attack (which uses SSPI to retrieve crackable NetNTLMv1 hashes). ^[10] References 1. ^¹{{cite web \|url=https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=cfGBPlIyC_9404300474\|title=Deep Dive into Credential Guard, Credential Theft & Lateral Traversal \|website=Microsoft Virtual Academy\|access-date=17 September 2018}} 2. ^¹{{cite web \|url=https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified/\|title=Windows 10 Device Guard and Credential Guard Demystified\|website=Microsoft TechNet, Ash's blog\|access-date=17 September 2018}} 3. ^¹²{{cite web \|url=https://blog.nviso.be/2018/01/09/windows-credential-guard-mimikatz/\|title=Windows Credential Guard & Mimikatz\|website=nviso labs\|access-date=14 September 2018\|date=2018-01-09}} 4. ^¹{{cite web \|url=https://docs.microsoft.com/en-us/windows/desktop/w8cookbook/third-party-security-support-providers-with-credential-guard\|title=Third party Security Support Providers with Credential Guard\|website=Windows Dev Center\|access-date=14 September 2018}} 5. ^¹{{cite web \|url=https://www.andreafortuna.org/dfir/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/\|title=Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack\|website=andreafortuna.org\|access-date=5 November 2018}} 6. ^¹{{cite web \|url=https://www.blackhat.com/docs/us-16/materials/us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp.pdf\|title=Analysis of the attack surface of windows 10 virtualization-based security\|website=blackhat.com\|access-date=13 November 2018}} 7. ^¹{{cite web \|url=https://insights.adaptiva.com/2018/windows-10-credential-guard-security/\|title=Credential Guard Cheat Sheet\|website=insights.adaptiva.com\|access-date=13 November 2018}} ^[1]^[2]^[3]^[4]^[5]^[6]^[7] }}{{Windows Components}}Category:Windows 10Category:Microsoft Windows security technology
随便看	Rue Huvelin Rueifang, Taipei RUEI FONG Elementary School Rueil-la-Gadeliere Rueil-la-Gadelière Rueil-Malmaison, France Rueisuei, Hualien Rue Jean Talon Rue Joubert Rue La Boetie Rue La Boétie Rue Laffitte Rue Lainerie Rue Lanterne Ruelas Rue Laurier (Gatineau) Ruel (disambiguation) Rue Lepic Ruelisheim Ruelle Ruelle (disambiguation) Ruelle-Frobenius-Perron operator Ruelle-sur-Touvre Ruelle–Perron–Frobenius theorem Ruellia amoena

Summary

Bypass Techniques

References