{"id":13470,"date":"2021-08-29T20:38:15","date_gmt":"2021-08-29T16:08:15","guid":{"rendered":"https:\/\/liangroup.net\/blog\/?p=13470"},"modified":"2021-08-29T22:37:24","modified_gmt":"2021-08-29T18:07:24","slug":"credential-dumping-with-lsa-enabled","status":"publish","type":"post","link":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/","title":{"rendered":"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"13470\" class=\"elementor elementor-13470\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8da0b84 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8da0b84\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-05f97f1\" data-id=\"05f97f1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f5437af elementor-widget elementor-widget-text-editor\" data-id=\"f5437af\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\"><strong>\u0646\u0648\u06cc\u0633\u0646\u062f\u0647: \u0633\u0627\u0644\u0627\u0631 \u0628\u062e\u062a\u06cc\u0627\u0631\u06cc<\/strong><\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0642\u0635\u062f 
\u062f\u0627\u0631\u0645 \u0646\u062d\u0648\u0647 \u06a9\u0627\u0631 <strong>\u062d\u0641\u0627\u0638\u062a <\/strong><strong>LSA<\/strong> \u06cc\u0627 <strong>\u00ab<\/strong><strong>Protected Process Light<\/strong><strong>\u00bb<\/strong>\u060c \u0648 \u0646\u062d\u0648\u0647 \u062f\u0648\u0631\u0632\u062f\u0646 \u0622\u0646 \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u062a\u0648\u0636\u06cc\u062d \u062f\u0647\u0645. \u0642\u0628\u0644 \u0627\u0632 \u0627\u06cc\u0646 \u06a9\u0647 \u0648\u0627\u0631\u062f \u0645\u0628\u062d\u062b \u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u06cc\u0627 \u0628\u062d\u062b \u062f\u0631\u0628\u0627\u0631\u0647 \u062d\u0641\u0627\u0638\u062a LSA \u0634\u0648\u06cc\u0645\u060c \u0644\u0627\u0632\u0645 \u0627\u0633\u062a \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627\u06cc \u0627\u062e\u062a\u0635\u0627\u0635\u200c\u06cc\u0627\u0641\u062a\u0647 (assigned rights) \u0648 \u0633\u0637\u0648\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u067e\u0631\u0648\u0633\u0633 (process integrity levels) \u0622\u0634\u0646\u0627 \u0634\u0648\u06cc\u0645 \u06a9\u0647 \u0628\u062e\u0634\u06cc \u0627\u0632 \u062a\u0648\u06a9\u0646\u200c\u0647\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0647\u0633\u062a\u0646\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cb07bc7 elementor-section-boxed 
elementor-section-height-default elementor-section-height-default\" data-id=\"cb07bc7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b12af11\" data-id=\"b12af11\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-97d013d elementor-widget elementor-widget-text-editor\" data-id=\"97d013d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><strong>\u0633\u0637\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u067e\u0631\u0648\u0633\u0633<\/strong><\/h2><p style=\"text-align: justify;\">\u062f\u0631 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0648\u06cc\u0633\u062a\u0627 \u0648 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0628\u0639\u062f\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u060c \u067e\u0631\u0648\u0633\u0633\u200c\u0647\u0627 \u062f\u0631 \u0686\u0647\u0627\u0631 \u0633\u0637\u062d \u0645\u062e\u062a\u0644\u0641 \u0627\u0632 \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f: \u0633\u06cc\u0633\u062a\u0645 (System)\u060c \u0628\u0627\u0644\u0627 (high)\u060c \u0645\u062a\u0648\u0633\u0637 (medium) \u0648 \u067e\u0627\u06cc\u06cc\u0646 (low). 
\u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u067e\u0627\u06cc\u06cc\u0646 \u0628\u0631\u0627\u06cc \u067e\u0631\u0648\u0633\u0633\u200c\u0647\u0627\u06cc \u0633\u0646\u062f\u0628\u0627\u06a9\u0633\u200c\u0634\u062f\u0647 \u0645\u0627\u0646\u0646\u062f \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0648\u0628 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f. \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u0641\u0636\u0627\u06cc \u06a9\u0627\u0631\u06cc \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0645\u0639\u0645\u0648\u0644\u06cc \u0634\u0631\u0648\u0639 \u0628\u0647 \u06a9\u0627\u0631 \u06a9\u0646\u0646\u062f \u0628\u0627 \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0645\u062a\u0648\u0633\u0637 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0648 \u0627\u062f\u0645\u06cc\u0646\u200c\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u200c\u0647\u0627 \u0631\u0627 \u0628\u0627 \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0628\u0627\u0644\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f. \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0633\u0637\u062d \u0633\u06cc\u0633\u062a\u0645 \u0645\u0639\u0645\u0648\u0644\u0627 \u0641\u0642\u0637 \u0628\u0631\u0627\u06cc \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc SYSTEM \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f. 
\u0627\u06af\u0631 \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u062f \u0633\u0637\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0633 \u062e\u0627\u0635 \u0631\u0627 \u0628\u0628\u06cc\u0646\u06cc\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u067e\u0631\u0648\u0633\u0633 \u0627\u06a9\u0633\u067e\u0644\u0648\u0631\u0631 (procexp.exe) \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u0628\u062e\u0634\u06cc \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 Sysinternals \u0627\u0633\u062a. \u0628\u0647 \u0635\u0648\u0631\u062a \u067e\u06cc\u0634\u200c\u0641\u0631\u0636\u060c \u0627\u0645\u06a9\u0627\u0646 \u0645\u0634\u0627\u0647\u062f\u0647 \u0633\u0637\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u067e\u0631\u0648\u0633\u0633\u200c\u0647\u0627\u06cc \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u0648 \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0627\u0628\u062a\u062f\u0627 \u0628\u0627\u06cc\u062f \u0628\u0647 \u062a\u0628 \u00abView\u00bb \u0631\u0641\u062a\u0647 \u0648 \u0633\u067e\u0633 \u00abselect columns\u00bb \u0631\u0627 \u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0631\u062f\u0647 \u0648 \u0633\u067e\u0633 \u062a\u06cc\u06a9 \u00abIntegrity Level\u00bb \u0631\u0627 \u0628\u0632\u0646\u06cc\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f33e8d9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f33e8d9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-54d42bd\" data-id=\"54d42bd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a761a40 elementor-widget elementor-widget-image\" data-id=\"a761a40\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"471\" height=\"584\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/1-1.png\" class=\"attachment-large size-large wp-image-13473\" alt=\"\u0646\u0645\u0627\u06cc\u0634 process integrity level\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/1-1.png 471w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/1-1-242x300.png 242w\" sizes=\"(max-width: 471px) 100vw, 471px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6c8abd5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6c8abd5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-62195da\" data-id=\"62195da\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4e798a8 elementor-widget elementor-widget-image\" data-id=\"4e798a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"875\" height=\"160\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/2.png\" class=\"attachment-large size-large wp-image-13480\" alt=\"\u0645\u062b\u0627\u0644\u06cc \u0627\u0632 integrity level\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/2.png 875w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/2-300x55.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/2-768x140.png 768w\" sizes=\"(max-width: 875px) 100vw, 875px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7a27964 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7a27964\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e2ec3b1\" data-id=\"e2ec3b1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d1b2ec9 elementor-widget elementor-widget-text-editor\" data-id=\"d1b2ec9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627\u06cc \u0627\u062e\u062a\u0635\u0627\u0635\u200c\u06cc\u0627\u0641\u062a\u0647 <\/strong><\/h3><p style=\"text-align: justify;\">\u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627\u06cc \u0627\u062e\u062a\u0635\u0627\u0635\u200c\u06cc\u0627\u0641\u062a\u0647 
(\u06cc\u0627 privileges) \u0647\u0645 \u062f\u0631 \u062a\u0648\u06a9\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u06af\u0646\u062c\u0627\u0646\u062f\u0647 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u0648 \u0645\u062c\u0645\u0648\u0639\u0647\u200c\u0627\u06cc \u0627\u0632 \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632\u067e\u06cc\u0634\u200c\u062a\u0639\u0631\u06cc\u0641\u200c\u0634\u062f\u0647 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u062a\u0639\u06cc\u06cc\u0646 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0633 \u0627\u062c\u0627\u0632\u0647\u200c\u06cc \u0627\u0646\u062c\u0627\u0645 \u0686\u0647 \u0627\u0642\u062f\u0627\u0645\u0627\u062a\u06cc \u0631\u0627 \u062f\u0627\u0631\u062f. \u0628\u0627 \u062a\u0627\u06cc\u067e \u062f\u0633\u062a\u0648\u0631 whoami \/priv \u062f\u0631 \u067e\u0627\u0648\u0631\u0634\u0644 \u06cc\u0627 \u062a\u0631\u0645\u06cc\u0646\u0627\u0644 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0641\u0639\u0644\u06cc \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u06a9\u0631\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e2b745a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e2b745a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-52633cc\" data-id=\"52633cc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fa84069 elementor-widget elementor-widget-image\" data-id=\"fa84069\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"875\" height=\"300\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/3.png\" class=\"attachment-large size-large wp-image-13481\" alt=\"\u0646\u0645\u0627\u06cc\u0634 \u062f\u0633\u062a\u0631\u0633\u06cc \u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/3.png 875w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/3-300x103.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/3-768x263.png 768w\" sizes=\"(max-width: 875px) 100vw, 875px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-137c19e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"137c19e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4723c74\" data-id=\"4723c74\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1ec55c9 elementor-widget elementor-widget-text-editor\" data-id=\"1ec55c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p 
style=\"text-align: center;\"><span style=\"color: #3366ff; font-size: 14pt;\"><strong>\u0628\u0627 \u0634\u0631\u06a9\u062a \u062f\u0631 \u062f\u0648\u0631\u0647\u200c\u0647\u0627\u06cc \u062c\u0627\u0645\u0639 \u0628\u0627\u0632\u0627\u0631 \u06a9\u0627\u0631 \u0627\u0645\u0646\u06cc\u062a \u0648 \u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648\u0628\u060c \u0628\u0647 \u062c\u0627\u0645\u0639\u0647 \u06a9\u0627\u0631\u0634\u0646\u0627\u0633\u0627\u0646 \u0627\u0645\u0646\u06cc\u062a \u0628\u067e\u06cc\u0648\u0646\u062f\u06cc\u062f:<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4c6b862 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4c6b862\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-063da4a\" data-id=\"063da4a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-eb68ff4 elementor-button-info elementor-align-center elementor-widget elementor-widget-button\" data-id=\"eb68ff4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"https:\/\/academy.liangroup.net\/training-course\/web-pentest-package?subCourseId=48\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">\u062f\u0648\u0631\u0647 \u062c\u0627\u0645\u0639 
\u0627\u0645\u0646\u06cc\u062a \u0648\u0628<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-1ad103e\" data-id=\"1ad103e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2bdb2fb elementor-button-info elementor-align-center elementor-widget elementor-widget-button\" data-id=\"2bdb2fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"https:\/\/academy.liangroup.net\/training-course\/security-job-preparation-package?subCourseId=38\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">\u062f\u0648\u0631\u0647 \u062c\u0627\u0645\u0639 \u0628\u0627\u0632\u0627\u0631 \u06a9\u0627\u0631 \u0627\u0645\u0646\u06cc\u062a<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-103934d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"103934d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element 
elementor-element-e4903ee\" data-id=\"e4903ee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f029740 elementor-widget elementor-widget-text-editor\" data-id=\"f029740\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0627\u06af\u0631 \u0633\u0639\u06cc \u06a9\u0646\u06cc\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627\u06cc \u0627\u062e\u062a\u0635\u0627\u0635\u200c\u06cc\u0627\u0641\u062a\u0647 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u0645 \u06a9\u0647 \u06cc\u06a9 \u0633\u0634\u0646 \u0644\u0627\u06af\u200c\u0622\u0646 \u0641\u0639\u0627\u0644 \u062f\u0627\u0631\u062f\u060c \u062a\u0627 \u0648\u0642\u062a\u06cc \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0644\u0627\u06af\u200c\u0622\u0648\u062a \u0648 \u0645\u062c\u062f\u062f\u0627 \u0644\u0627\u06af\u06cc\u0646 \u0646\u06a9\u0646\u062f\u060c \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0627\u0639\u0645\u0627\u0644 \u0646\u0634\u062f\u0647 \u0648 \u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627 \u06a9\u0645 \u06cc\u0627 \u0632\u06cc\u0627\u062f \u0646\u0645\u06cc\u200c\u0634\u0648\u0646\u062f. 
\u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627 \u0631\u0627 \u0628\u0647 \u062f\u0648 \u0637\u0631\u06cc\u0642 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0636\u0627\u0641\u0647 \u06a9\u0631\u062f:<\/p><ul style=\"text-align: justify;\"><li>\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0627\u0628\u0639 <strong>LsaAddAccountRights<\/strong> \u0645\u062a\u0639\u0644\u0642 \u0628\u0647 Advapi32 API<\/li><li>\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 <b>secpol.msc<\/b><\/li><\/ul><p style=\"text-align: justify;\">\u0645\u0646 \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0627\u0632 \u067e\u0646\u062c\u0631\u0647 \u06af\u0631\u0627\u0641\u06cc\u06a9\u06cc secpol.msc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u0645 \u06a9\u0631\u062f \u06a9\u0647 \u0627\u0632 \u0631\u0648\u0634 \u062f\u06cc\u06af\u0631 \u0633\u0627\u062f\u0647\u200c\u062a\u0631 \u0627\u0633\u062a. \u067e\u0633 \u0627\u0632 \u062a\u0627\u06cc\u067e secpol.msc \u062f\u0631 \u062a\u0631\u0645\u06cc\u0646\u0627\u0644\u060c \u067e\u0627\u0648\u0631\u0634\u0644 \u06cc\u0627 \u067e\u0646\u062c\u0631\u0647 Run\u060c \u06cc\u06a9 \u067e\u0646\u062c\u0631\u0647 \u062c\u062f\u06cc\u062f \u0628\u0627\u0632 \u0645\u06cc\u200c\u0634\u0648\u062f. 
\u062f\u0631 \u0627\u06cc\u0646 \u067e\u0646\u062c\u0631\u0647 \u0628\u0627\u06cc\u062f \u0628\u0647 \u0628\u062e\u0634 Security Settings \u0648 \u0633\u067e\u0633 \u0628\u0647 \u0628\u062e\u0634 User Rights Assignment \u0628\u0631\u0648\u06cc\u0645.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1078d80 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1078d80\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-926710e\" data-id=\"926710e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9aeb4e3 elementor-widget elementor-widget-image\" data-id=\"9aeb4e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"875\" height=\"423\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/4.png\" class=\"attachment-large size-large wp-image-13482\" alt=\"\u062a\u063a\u06cc\u06cc\u0631 \u062f\u0633\u062a\u0631\u0633\u06cc \u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/4.png 875w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/4-300x145.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/4-768x371.png 768w\" sizes=\"(max-width: 875px) 100vw, 875px\" 
\/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d7680df elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d7680df\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-754cf85\" data-id=\"754cf85\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3a14013 elementor-widget elementor-widget-text-editor\" data-id=\"3a14013\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><strong>\u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u067e\u0631\u0648\u0633\u0633 <\/strong><strong>LSASS<\/strong><\/h2><p style=\"text-align: justify;\">\u067e\u0631\u0648\u0633\u0633 LSASS \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0633 \u0633\u06cc\u0633\u062a\u0645\u06cc \u0627\u0633\u062a \u0648 \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062e\u0627\u0637\u0631 \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0647\u0634\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0634\u062f\u0647 \u0631\u0648\u06cc \u0645\u0627\u0634\u06cc\u0646 \u0647\u062f\u0641\u060c \u0628\u0647 \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u0627\u062f\u0645\u06cc\u0646 \u0644\u0648\u06a9\u0627\u0644 (\u062f\u0633\u062a\u0631\u0633\u06cc \u0634\u0644 \u0628\u0627 \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc 
\u0628\u0627\u0644\u0627 \u06cc\u0627 \u0633\u06cc\u0633\u062a\u0645) \u0646\u06cc\u0627\u0632 \u062f\u0627\u0631\u06cc\u0645. \u0627\u0632 \u0637\u0631\u0641 \u062f\u06cc\u06af\u0631\u060c \u0627\u06af\u0631 \u06a9\u0627\u0631\u0628\u0631 \u0641\u0639\u0644\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc <strong>SeDebugPrivilege<\/strong> \u0631\u0627 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u067e\u0631\u0648\u0633\u0633\u06cc \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u06cc\u0645 \u06cc\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u0645 \u06a9\u0647 \u062a\u062d\u062a \u0645\u0627\u0644\u06a9\u06cc\u062a \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u062f\u06cc\u06af\u0631 \u0627\u0633\u062a (\u06cc\u0639\u0646\u06cc \u067e\u0631\u0648\u0633\u0633\u06cc \u06a9\u0647 owner \u0622\u0646 \u06a9\u0627\u0631\u0628\u0631 \u062f\u06cc\u06af\u0631\u06cc \u0628\u0627\u0634\u062f). \u062d\u0627\u0644\u0627 \u0628\u0627 \u062f\u0627\u0646\u0633\u062a\u0646 \u0627\u06cc\u0646 \u0645\u0648\u0636\u0648\u0639\u060c \u0627\u0632 <strong><a href=\"https:\/\/liangroup.net\/blog\/pentest-with-metasploit\/\" target=\"_blank\" rel=\"noopener\">mimikatz<\/a><\/strong> \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u0633\u0639\u06cc \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u0631\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c0c01ae elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c0c01ae\" data-element_type=\"section\" 
data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dbc9a4c\" data-id=\"dbc9a4c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c046ddb elementor-widget elementor-widget-text-editor\" data-id=\"c046ddb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: left;\"><span style=\"color: #ffffff;\"><code dir=\"ltr\">privilege::debug<br \/>\nsekurlsa::logonpasswords<br \/>\n<\/code><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-af2add3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"af2add3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-81dea16\" data-id=\"81dea16\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-27bfa81 elementor-widget elementor-widget-image\" data-id=\"27bfa81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"875\" height=\"509\" 
src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/5.png\" class=\"attachment-large size-large wp-image-13487\" alt=\"\u062f\u0627\u0645\u067e \u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/5.png 875w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/5-300x175.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/5-768x447.png 768w\" sizes=\"(max-width: 875px) 100vw, 875px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fe38396 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fe38396\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-193466c\" data-id=\"193466c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7ccfc53 elementor-widget elementor-widget-text-editor\" data-id=\"7ccfc53\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u062f\u0631 \u0634\u0631\u0627\u06cc\u0637 \u0645\u0639\u0645\u0648\u0644\u06cc \u0628\u0627 \u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0647\u0634 NTLM \u0648 \u062d\u062a\u06cc \u06af\u0627\u0647\u06cc \u0627\u0648\u0642\u0627\u062a \u0645\u062a\u0646 
\u062e\u0627\u0645 \u067e\u0633\u0648\u0631\u062f\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646\u06cc \u0631\u0627 \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u06cc\u200c\u06a9\u0631\u062f\u06cc\u0645 \u06a9\u0647 \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0641\u0639\u0644\u06cc \u0644\u0627\u06af\u200c\u0627\u06cc\u0646 \u06a9\u0631\u062f\u0647 \u0628\u0648\u062f\u0646\u062f\u061b \u0648\u0644\u06cc \u0628\u0647 \u062e\u0627\u0637\u0631 \u062d\u0641\u0627\u0638\u062a LSA \u06a9\u0647 \u0628\u0627 \u0646\u0627\u0645 Protected Process Light (PPL) \u0647\u0645 \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0645\u062a\u0648\u0642\u0641 \u0634\u062f\u06cc\u0645.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e223a70 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e223a70\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-052e9b3\" data-id=\"052e9b3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a43737 elementor-widget elementor-widget-text-editor\" data-id=\"5a43737\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u0686\u0631\u0627 \u0645\u0648\u0641\u0642 \u0646\u0634\u062f\u06cc\u0645\u061f\u00a0<\/strong><\/h3><p style=\"text-align: justify;\">\u062f\u0631 \u06af\u0630\u0634\u062a\u0647\u060c 
\u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u067e\u0633\u0648\u0631\u062f \u0637\u0631\u0641\u062f\u0627\u0631\u0627\u0646 \u0632\u06cc\u0627\u062f\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f\u0647 \u0628\u0648\u062f \u0648 \u067e\u0631\u0648\u0698\u0647 mimikatz \u0646\u06cc\u0632 \u0628\u0647 \u0647\u0645\u06cc\u0646 \u0639\u0644\u062a \u0634\u0647\u0631\u062a \u0632\u06cc\u0627\u062f\u06cc \u06cc\u0627\u0641\u062a\u0647 \u0628\u0648\u062f. \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062e\u0627\u0637\u0631 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u062a\u0635\u0645\u06cc\u0645 \u06af\u0631\u0641\u062a \u0628\u0627 \u0627\u0646\u062a\u0634\u0627\u0631 \u062d\u0641\u0627\u0638\u062a LSA \u0648 Credential Guard (\u06a9\u0647 \u0628\u062e\u0634\u06cc \u0627\u0632 \u0648\u06cc\u0646\u062f\u0648\u0632 \u062f\u06cc\u0641\u0646\u062f\u0631 \u0627\u0633\u062a) \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0646\u062f. \u0645\u0627 \u062f\u0631 \u0628\u062e\u0634\u200c\u0647\u0627\u06cc \u0628\u0639\u062f\u06cc \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0645\u0627\u0646\u0639 \u0639\u0628\u0648\u0631 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f\u060c \u0648\u0644\u06cc \u067e\u06cc\u0634 \u0627\u0632 \u0622\u0646 \u0628\u0627\u06cc\u062f \u0628\u062f\u0627\u0646\u06cc\u0645 \u062d\u0641\u0627\u0638\u062a LSA \u0686\u06cc\u0633\u062a \u0648 \u0686\u06af\u0648\u0646\u0647 \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f. 
\u062d\u0641\u0627\u0638\u062a LSA \u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634\u0641\u0631\u0636 \u0641\u0639\u0627\u0644 \u0646\u06cc\u0633\u062a \u0648 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0628\u0627\u0644\u0627 \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0627\u0645\u0627 \u0645\u0646 \u062d\u0641\u0627\u0638\u062a LSA \u0631\u0627 \u0627\u0632 \u0639\u0645\u062f \u0631\u0648\u0634\u0646 \u06a9\u0631\u062f\u0645 \u062a\u0627 \u0628\u0627 \u0627\u0631\u0648\u0631 \u0628\u0627\u0644\u0627 \u0645\u0648\u0627\u062c\u0647 \u0634\u062f\u0647 \u0648 \u067e\u0633 \u0627\u0632 \u0622\u0646 \u0628\u0627 \u062d\u0641\u0627\u0638\u062a LSA \u0622\u0634\u0646\u0627 \u0634\u0648\u06cc\u0645 \u0648 \u0646\u062d\u0648\u0647\u200c\u06cc \u062f\u0648\u0631\u0632\u062f\u0646 \u0622\u0646 \u0631\u0627 \u0628\u06cc\u0627\u0645\u0648\u0632\u06cc\u0645.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7102185 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7102185\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0e2b784\" data-id=\"0e2b784\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ae2809a elementor-widget elementor-widget-text-editor\" data-id=\"ae2809a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><strong>Protected Process 
Light<\/strong><strong>\u00a0<\/strong><\/h2><p>\u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0628\u0647 \u0647\u0645\u0631\u0627\u0647 \u0648\u06cc\u0646\u062f\u0648\u0632 8.1 \u0642\u0627\u0628\u0644\u06cc\u062a\u06cc \u0628\u0647 \u0646\u0627\u0645 Protected Process Light \u06cc\u0627 \u0628\u0647 \u0627\u062e\u062a\u0635\u0627\u0631 PPL \u0631\u0627 \u0645\u0639\u0631\u0641\u06cc \u06a9\u0631\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u0644\u0627\u06cc\u0647 \u0627\u0636\u0627\u0641\u06cc \u0628\u0627\u0644\u0627\u06cc \u0633\u0637\u0648\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0641\u0639\u0644\u06cc \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u062f\u061b \u06cc\u0639\u0646\u06cc \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0633 \u0628\u0627 \u0633\u0637\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0633\u06cc\u0633\u062a\u0645\u060c \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0641\u0636\u0627\u06cc \u062d\u0627\u0641\u0638\u0647 \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0633 \u0628\u0627 \u0633\u0637\u062d \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0648 \u0628\u0627 PPL \u0641\u0639\u0627\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u06cc\u0627 \u0622\u0646 \u0631\u0627 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u06a9\u0646\u062f. 
LSASS \u0627\u0632 PPL \u0647\u0645 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p><h3><strong>\u0686\u06af\u0648\u0646\u0647 \u062d\u0641\u0627\u0638\u062a <\/strong><strong>LSA<\/strong><strong> \u0631\u0627 \u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u0645\u061f<\/strong><\/h3><p>\u0627\u0628\u062a\u062f\u0627 \u0628\u0627\u06cc\u062f \u062f\u0631 \u0628\u0631\u0646\u0627\u0645\u0647 \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc\u060c \u0648 \u062f\u0631 \u0622\u062f\u0631\u0633 \u0632\u06cc\u0631 \u06cc\u06a9 \u0645\u0642\u062f\u0627\u0631 DWORD \u062c\u062f\u06cc\u062f \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0646\u06cc\u0645:<\/p><p style=\"text-align: left;\"><code>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa<\/code><\/p><p>\u0646\u0627\u0645 \u0627\u06cc\u0646 \u0645\u0642\u062f\u0627\u0631 <strong>RunAsPPL<\/strong> \u0648 \u062f\u0627\u062f\u0647 \u0622\u0646 \u0628\u0627\u06cc\u062f \u0628\u0631\u0627\u0628\u0631 1 \u0628\u0627\u0634\u062f. 
\u062f\u0631 \u06af\u0627\u0645 \u0622\u062e\u0631 \u0628\u0627\u06cc\u062f \u06a9\u0627\u0645\u067e\u06cc\u0648\u062a\u0631 \u0631\u0627 \u0631\u06cc\u200c\u0627\u0633\u062a\u0627\u0631\u062a \u06a9\u0646\u06cc\u0645 \u062a\u0627 \u0627\u062c\u0631\u0627\u06cc \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u06a9\u0627\u0645\u0644 \u0634\u0648\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fb6f40b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fb6f40b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0761dea\" data-id=\"0761dea\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b718829 elementor-widget elementor-widget-image\" data-id=\"b718829\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"273\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/6.png\" class=\"attachment-large size-large wp-image-13489\" alt=\"\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u062d\u0641\u0627\u0638\u062a LSA\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/6.png 700w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/6-300x117.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" 
\/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c0fdb68 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c0fdb68\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c02c932\" data-id=\"c02c932\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ca12499 elementor-widget elementor-widget-text-editor\" data-id=\"ca12499\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><strong>\u062f\u0648\u0631 \u0632\u062f\u0646 \u062d\u0641\u0627\u0638\u062a <\/strong><strong>LSA<\/strong><strong>\u00a0<\/strong><\/h2><p style=\"text-align: justify;\">\u0633\u0647 \u0631\u0627\u0647 \u0628\u0631\u0627\u06cc \u062f\u0648\u0631 \u0632\u062f\u0646 \u062d\u0641\u0627\u0638\u062a LSA \u0648 \u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f:<\/p><ol style=\"text-align: justify;\"><li>\u062d\u0630\u0641 \u06a9\u0644\u06cc\u062f \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc RunAsPPL \u0648 \u0631\u06cc\u200c\u0627\u0633\u062a\u0627\u0631\u062a\u200c\u06a9\u0631\u062f\u0646 \u0645\u062c\u062f\u062f \u0633\u06cc\u0633\u062a\u0645. 
\u0627\u0644\u0628\u062a\u0647 \u0627\u06cc\u0646 \u0631\u0648\u0634 \u0639\u0645\u0644\u06cc \u0646\u06cc\u0633\u062a\u060c \u0686\u0648\u0646 \u0628\u0647 \u0645\u062d\u0636 \u0627\u06cc\u0646 \u06a9\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0631\u06cc\u200c\u0627\u0633\u062a\u0627\u0631\u062a \u06a9\u0646\u06cc\u0645\u060c \u062a\u0645\u0627\u0645 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0631\u0627 \u06a9\u0647 \u0631\u0648\u06cc \u062d\u0627\u0641\u0638\u0647 \u06a9\u0634 \u0634\u062f\u0647 \u0628\u0648\u062f\u0646\u062f \u0627\u0632 \u062f\u0633\u062a \u0645\u06cc\u200c\u062f\u0647\u06cc\u0645.<\/li><li>\u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u0641\u0644\u06af\u200c\u0647\u0627\u06cc PPL \u062f\u0631 \u067e\u0631\u0648\u0633\u0633 LSASS \u0628\u0627 \u067e\u0686\u200c\u06a9\u0631\u062f\u0646 \u0633\u0627\u062e\u062a\u0627\u0631 EPROCESS \u062f\u0631 \u06a9\u0631\u0646\u0644. \u0641\u0639\u0627\u0644 \u06cc\u0627 \u0641\u0639\u0627\u0644\u200c\u0646\u0628\u0648\u062f\u0646 \u062d\u0641\u0627\u0638\u062a PPL \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0628\u06cc\u062a \u06a9\u0646\u062a\u0631\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u062f\u0631 \u0622\u0628\u062c\u06a9\u062a \u06a9\u0631\u0646\u0644 EPROCESS \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u067e\u0631\u0648\u0633\u0633 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f. 
\u0627\u06af\u0631 \u0628\u062a\u0648\u0627\u0646\u06cc\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0631\u0627 \u062f\u0631 \u0641\u0636\u0627\u06cc \u06a9\u0631\u0646\u0644 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u06cc\u0645\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u062d\u0641\u0627\u0638\u062a LSA \u0631\u0627 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0631\u0627 \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645.<\/li><li>\u062e\u0648\u0627\u0646\u062f\u0646 \u0645\u0633\u062a\u0642\u06cc\u0645 \u0645\u062d\u062a\u0648\u0627\u06cc \u067e\u0631\u0648\u0633\u0633 LSASS \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0647 \u062c\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u067e\u0631\u0648\u0633\u0633\u200c\u0641\u0627\u0646\u06a9\u0634\u0646\u200c\u0647\u0627\u06cc \u0628\u0627\u0632<\/li><\/ol><p style=\"text-align: justify;\">\u0645\u0627 \u0631\u0648\u0634 \u062f\u0648\u0645 \u0631\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645. 
\u062e\u0648\u0634\u0628\u062e\u062a\u0627\u0646\u0647 \u0686\u0646\u062f\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0635\u0648\u0631\u062a \u062a\u062e\u0635\u0635\u06cc \u0628\u0631\u0627\u06cc \u067e\u0686\u200c\u06a9\u0631\u062f\u0646 \u0633\u0627\u062e\u062a\u0627\u0631 EPROCESS \u062f\u0631 \u06a9\u0631\u0646\u0644 \u0648 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u0641\u0644\u06af\u200c\u0647\u0627\u06cc PPL \u0631\u0648\u06cc \u067e\u0631\u0648\u0633\u0633 LSASS \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647\u200c\u0627\u0646\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2f98424 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2f98424\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-949ec4e\" data-id=\"949ec4e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8302607 elementor-widget elementor-widget-text-editor\" data-id=\"8302607\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u067e\u0631\u0648\u0698\u0647 \u0627\u0648\u0644: <\/strong><strong>mimidrv.sys<\/strong><strong> \u0627\u0632 <\/strong><strong>mimikatz<\/strong><strong>\u00a0<\/strong><\/h3><p style=\"text-align: justify;\">\u062e\u0648\u0634\u0628\u062e\u062a\u0627\u0646\u0647 
\u062a\u0648\u0633\u0639\u0647\u200c\u062f\u0647\u0646\u062f\u0647 mimikatz \u06cc\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 \u0628\u0647 \u0646\u0627\u0645 mimidrv.sys \u0628\u0631\u0627\u06cc \u0622\u0646 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0647\u0645\u0627\u0646\u200c\u0637\u0648\u0631 \u06a9\u0647 \u0642\u0628\u0644\u0627 \u06af\u0641\u062a\u0645\u060c \u0628\u0647 \u0645\u0627 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062d\u0641\u0627\u0638\u062a LSA \u0631\u0627 \u062f\u0648\u0631 \u0628\u0632\u0646\u06cc\u0645. \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u062f\u0631\u0627\u06cc\u0648\u0631 \u0644\u0627\u0632\u0645 \u0627\u0633\u062a \u062f\u0633\u062a\u0631\u0633\u06cc <strong>SeLoadDriverPrivilege<\/strong> \u0631\u0627 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u0645 \u0648 \u0628\u062a\u0648\u0627\u0646\u06cc\u0645 \u0647\u0631 \u062f\u0631\u0627\u06cc\u0648\u0631\u06cc \u0631\u0627 \u0628\u0627 \u0647\u0631 \u0627\u0645\u0636\u0627\u06cc \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644\u06cc \u0644\u0648\u062f \u06a9\u0646\u06cc\u0645\u060c \u0648 \u0627\u0632 \u0622\u0646\u200c\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u0645\u0627 \u0627\u0632 \u0642\u0628\u0644 \u06cc\u06a9 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u062f\u0645\u06cc\u0646 \u06cc\u0627 \u0633\u06cc\u0633\u062a\u0645 \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u062f\u0627\u0631\u06cc\u0645\u060c \u067e\u0633 \u0627\u06cc\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0627 \u0646\u06cc\u0632 \u062f\u0627\u0631\u06cc\u0645. \u0628\u0627\u06cc\u062f \u0628\u0627 \u062a\u0627\u06cc\u067e\u200c\u06a9\u0631\u062f\u0646 +! 
\u062f\u0631 \u0645\u062d\u06cc\u0637 mimikatz \u0641\u0627\u06cc\u0644 mimidrv.sys \u0631\u0627 \u0644\u0648\u062f \u06a9\u0646\u06cc\u0645. \u067e\u0633 \u0627\u0632 \u0622\u0646 \u062d\u0641\u0627\u0638\u062a \u0631\u0627 \u0627\u0632 \u0631\u0648\u06cc \u067e\u0631\u0648\u0633\u0633 lsass.exe \u0628\u0631\u0645\u06cc\u200c\u062f\u0627\u0631\u06cc\u0645. \u067e\u0633 \u0627\u0632 \u0627\u06cc\u0646 \u06a9\u0647 \u0641\u0644\u06af \u062d\u0641\u0627\u0638\u062a \u0631\u0627 \u0627\u0632 lsass.exe \u0628\u0631\u062f\u0627\u0634\u062a\u06cc\u0645\u060c \u0633\u0639\u06cc \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0631\u0627 \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-433fbf7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"433fbf7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f1fabf9\" data-id=\"f1fabf9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0e091f7 elementor-widget elementor-widget-text-editor\" data-id=\"0e091f7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: left;\"><span style=\"color: #ffffff;\"><code dir=\"ltr\">!+<br \/>\n!processprotect \/process:lsass.exe \/remove<br 
\/>\nsekurlsa::logonpasswords<\/code><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f70cd81 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f70cd81\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-989d94c\" data-id=\"989d94c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3854aea elementor-widget elementor-widget-image\" data-id=\"3854aea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"875\" height=\"679\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/7.png\" class=\"attachment-large size-large wp-image-13490\" alt=\"\u062f\u0627\u0645\u067e \u0645\u0648\u0641\u0642 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/7.png 875w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/7-300x233.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/7-768x596.png 768w\" sizes=\"(max-width: 875px) 100vw, 875px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5c6a421 
elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5c6a421\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ebc841c\" data-id=\"ebc841c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-79f6c7f elementor-widget elementor-widget-text-editor\" data-id=\"79f6c7f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0627\u06cc\u0646 \u0628\u0627\u0631 \u0645\u0648\u0641\u0642 \u0634\u062f\u06cc\u0645 \u0648 \u062a\u0648\u0627\u0646\u0633\u062a\u06cc\u0645 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0631\u0627 \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645. 
\u0627\u0644\u0628\u062a\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 mimidrv.sys \u06cc\u06a9 \u0639\u06cc\u0628 \u062f\u0627\u0631\u062f \u0648 \u0622\u0646 \u0647\u0645 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0644\u0627\u0632\u0645 \u0627\u0633\u062a \u062f\u06cc\u0633\u06a9 \u0631\u0627 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645 (\u0628\u0631\u0627\u06cc \u06a9\u067e\u06cc\u200c\u06a9\u0631\u062f\u0646 mimidrv.sys \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0647\u062f\u0641) \u06a9\u0647 \u0628\u0647 \u0633\u0631\u0639\u062a \u062a\u0648\u0633\u0637 \u0631\u0627\u0647\u06a9\u0627\u0631\u0647\u0627\u06cc \u0622\u0646\u062a\u06cc\u200c\u0648\u06cc\u0631\u0648\u0633 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fc29eb4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fc29eb4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1b9393f\" data-id=\"1b9393f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-032551c elementor-widget elementor-widget-text-editor\" data-id=\"032551c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>\u067e\u0631\u0648\u0698\u0647 \u062f\u0648\u0645: <\/strong><strong>PPLKiller<\/strong><strong>\u00a0<\/strong><\/h3><p 
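style=\"text-align: justify;\">\u0627\u0632 \u0622\u0646\u200c\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u0631\u0648\u0634 \u0627\u0648\u0644 \u0628\u0647 \u0633\u0631\u0639\u062a \u062a\u0648\u0633\u0637 \u0622\u0646\u062a\u06cc\u200c\u0648\u06cc\u0631\u0648\u0633 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u0632 \u06cc\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u0631\u0633\u0645\u06cc \u0648\u0644\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u0645 \u062a\u0627 \u062f\u0631 \u0646\u0647\u0627\u06cc\u062a \u0628\u062a\u0648\u0627\u0646\u06cc\u0645 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0641\u0636\u0627\u06cc \u06a9\u0631\u0646\u0644 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645 (\u0627\u06cc\u0646 \u0627\u0644\u06af\u0648 \u0628\u0627 \u0646\u0627\u0645 BYOVD \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f\u061b \u0628\u0631\u0627\u06cc \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 \u0622\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0641\u0647\u0631\u0633\u062a \u0645\u0633\u062f\u0648\u062f\u0633\u0627\u0632\u06cc \u062f\u0631\u0627\u06cc\u0648\u0631\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0648 HVCI \u0631\u0627 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f). 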
<a href=\"https:\/\/github.com\/RedCursorSecurityConsulting\/PPLKiller\">PPLKiller<\/a> \u06cc\u06a9 \u0645\u062b\u0627\u0644 \u0627\u0632 \u0627\u06cc\u0646 \u0631\u0648\u0634 \u0627\u0633\u062a.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-141ac0e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"141ac0e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a0520b9\" data-id=\"a0520b9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2f9f5d3 elementor-widget elementor-widget-text-editor\" data-id=\"2f9f5d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><strong>\u062c\u0645\u0639\u200c\u0628\u0646\u062f\u06cc\u00a0<\/strong><\/h2><p style=\"text-align: justify;\">\u0628\u0647 \u0637\u0648\u0631 \u062e\u0644\u0627\u0635\u0647\u060c PPL \u062f\u0631 \u0641\u0636\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 (userland) \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u062f\u0644\u06cc\u0644 \u06a9\u0627\u0631\u06a9\u0631\u062f\u0646 \u062a\u0645\u0627\u0645 \u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u06cc \u0630\u06a9\u0631\u0634\u062f\u0647 \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647\u060c \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0645\u0627 \u0633\u0639\u06cc \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645 \u06a9\u062f \u062e\u0648\u062f \u0631\u0627 
\u062f\u0631 \u0641\u0636\u0627\u06cc \u06a9\u0631\u0646\u0644 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645. \u0647\u0631\u06af\u0627\u0647 \u0628\u062a\u0648\u0627\u0646\u06cc\u0645 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0641\u0636\u0627\u06cc \u06a9\u0631\u0646\u0644 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u062a\u0645\u0627\u0645 \u067e\u0631\u0648\u0633\u0633\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u0628\u0647 \u0647\u0645\u0631\u0627\u0647 PPL \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0647\u0633\u062a\u0646\u062f\u060c \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u0645.<\/p><p style=\"text-align: justify;\">\u0627\u0632 \u0627\u06cc\u0646 \u06a9\u0647 \u062a\u0627 \u0627\u0646\u062a\u0647\u0627\u06cc \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0628\u0627 \u0645\u0646 \u0647\u0645\u0631\u0627\u0647 \u0628\u0648\u062f\u06cc\u062f \u0645\u062a\u0634\u06a9\u0631\u0645.\u00a0 <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u0646\u0648\u06cc\u0633\u0646\u062f\u0647: \u0633\u0627\u0644\u0627\u0631 \u0628\u062e\u062a\u06cc\u0627\u0631\u06cc \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0642\u0635\u062f \u062f\u0627\u0631\u0645 \u0646\u062d\u0648\u0647 \u06a9\u0627\u0631 \u062d\u0641\u0627\u0638\u062a LSA \u06cc\u0627 \u00abProtected Process Light\u00bb\u060c \u0648 \u0646\u062d\u0648\u0647 \u062f\u0648\u0631\u0632\u062f\u0646 \u0622\u0646 \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 
\u0631\u0627 \u062a\u0648\u0636\u06cc\u062d \u062f\u0647\u0645. \u0642\u0628\u0644 \u0627\u0632 \u0627\u06cc\u0646 \u06a9\u0647 \u0648\u0627\u0631\u062f \u0645\u0628\u062d\u062b \u062f\u0627\u0645\u067e\u200c\u06a9\u0631\u062f\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u06cc\u0627 \u0628\u062d\u062b \u062f\u0631\u0628\u0627\u0631\u0647 \u062d\u0641\u0627\u0638\u062a LSA \u0634\u0648\u06cc\u0645\u060c \u0644\u0627\u0632\u0645 \u0627\u0633\u062a \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc\u200c\u0647\u0627\u06cc \u0627\u062e\u062a\u0635\u0627\u0635\u200c\u06cc\u0627\u0641\u062a\u0647 (assigned rights) \u0648 \u0633\u0637\u0648\u062d &hellip;<\/p>\n","protected":false},"author":8,"featured_media":13471,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[258,4,2,349],"tags":[],"class_list":["post-13470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teaching","category-network-pentest","category-pentest","category-slides"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646<\/title>\n<meta name=\"description\" content=\"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u06a9\u0645\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 Mimikatz\u060c 
\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0628\u0627 LSA \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/\" \/>\n<meta property=\"og:locale\" content=\"fa_IR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA\" \/>\n<meta property=\"og:description\" content=\"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u06a9\u0645\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 Mimikatz\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0628\u0627 LSA \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-29T16:08:15+00:00\" \/>\n<meta 
property=\"article:modified_time\" content=\"2021-08-29T18:07:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/index-3.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:site\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:label1\" content=\"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u062f\u0642\u06cc\u0642\u0647\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/\"},\"author\":{\"name\":\"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/38f29186061abb5bc8a995f5224fd115\"},\"headline\":\"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a 
LSA\",\"datePublished\":\"2021-08-29T16:08:15+00:00\",\"dateModified\":\"2021-08-29T18:07:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/\"},\"wordCount\":111,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/index-3.jpg\",\"articleSection\":[\"\u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u0644\u06cc\u0627\u0646\",\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0634\u0628\u06a9\u0647\",\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648 \u0627\u0645\u0646\u06cc\u062a\",\"\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f\"],\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/\",\"name\":\"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 
\u0644\u06cc\u0627\u0646\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/index-3.jpg\",\"datePublished\":\"2021-08-29T16:08:15+00:00\",\"dateModified\":\"2021-08-29T18:07:24+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/38f29186061abb5bc8a995f5224fd115\"},\"description\":\"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u06a9\u0645\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 Mimikatz\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0628\u0627 LSA \u062f\u0627\u0645\u067e 
\u06a9\u0646\u06cc\u0645.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#breadcrumb\"},\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#primaryimage\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/index-3.jpg\",\"contentUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/index-3.jpg\",\"width\":800,\"height\":500,\"caption\":\"\u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/credential-dumping-with-lsa-enabled\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u062e\u0627\u0646\u0647\",\"item\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"description\":\"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a 
\u0633\u0627\u06cc\u0628\u0631\u06cc\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fa-IR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/38f29186061abb5bc8a995f5224fd115\",\"name\":\"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/author\\\/m-kazemiun\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u06a9\u0645\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 Mimikatz\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0628\u0627 LSA \u062f\u0627\u0645\u067e 
\u06a9\u0646\u06cc\u0645.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/","og_locale":"fa_IR","og_type":"article","og_title":"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA","og_description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u06a9\u0645\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 Mimikatz\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0628\u0627 LSA \u062f\u0627\u0645\u067e \u06a9\u0646\u06cc\u0645.","og_url":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/","og_site_name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","article_published_time":"2021-08-29T16:08:15+00:00","article_modified_time":"2021-08-29T18:07:24+00:00","og_image":[{"width":800,"height":500,"url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/index-3.jpg","type":"image\/jpeg"}],"author":"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646","twitter_card":"summary_large_image","twitter_creator":"@liansecurity","twitter_site":"@liansecurity","twitter_misc":{"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a":"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 
\u0644\u06cc\u0627\u0646","\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646":"7 \u062f\u0642\u06cc\u0642\u0647"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#article","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/"},"author":{"name":"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/38f29186061abb5bc8a995f5224fd115"},"headline":"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA","datePublished":"2021-08-29T16:08:15+00:00","dateModified":"2021-08-29T18:07:24+00:00","mainEntityOfPage":{"@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/"},"wordCount":111,"commentCount":0,"image":{"@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/index-3.jpg","articleSection":["\u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u0644\u06cc\u0627\u0646","\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0634\u0628\u06a9\u0647","\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648 \u0627\u0645\u0646\u06cc\u062a","\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f"],"inLanguage":"fa-IR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/","url":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/","name":"\u0627\u0633\u062a\u062e\u0631\u0627\u062c 
\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#primaryimage"},"image":{"@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/index-3.jpg","datePublished":"2021-08-29T16:08:15+00:00","dateModified":"2021-08-29T18:07:24+00:00","author":{"@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/38f29186061abb5bc8a995f5224fd115"},"description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u0622\u0645\u0648\u0632\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u06a9\u0645\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06a9\u0631\u0646\u0644 Mimikatz\u060c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u06a9\u0634\u200c\u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u062d\u0641\u0627\u0638\u062a\u200c\u0634\u062f\u0647 \u0628\u0627 LSA \u062f\u0627\u0645\u067e 
\u06a9\u0646\u06cc\u0645.","breadcrumb":{"@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#breadcrumb"},"inLanguage":"fa-IR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/"]}]},{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#primaryimage","url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/index-3.jpg","contentUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/08\/index-3.jpg","width":800,"height":500,"caption":"\u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc"},{"@type":"BreadcrumbList","@id":"https:\/\/liangroup.net\/blog\/credential-dumping-with-lsa-enabled\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u062e\u0627\u0646\u0647","item":"https:\/\/liangroup.net\/blog\/"},{"@type":"ListItem","position":2,"name":"\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0647\u0648\u06cc\u062a\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u062f\u0627\u0631\u0627\u06cc \u062d\u0641\u0627\u0638\u062a LSA"}]},{"@type":"WebSite","@id":"https:\/\/liangroup.net\/blog\/#website","url":"https:\/\/liangroup.net\/blog\/","name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a 
\u0633\u0627\u06cc\u0628\u0631\u06cc","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangroup.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fa-IR"},{"@type":"Person","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/38f29186061abb5bc8a995f5224fd115","name":"\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0644\u06cc\u0627\u0646","url":"https:\/\/liangroup.net\/blog\/author\/m-kazemiun\/"}]}},"_links":{"self":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/13470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/comments?post=13470"}],"version-history":[{"count":0,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/13470\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media\/13471"}],"wp:attachment":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media?parent=13470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/categories?post=13470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/tags?post=13470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}