Tag
high
advisory
LSASS Protection Policy Disabled via Registry Modification
2 rules 2 TTPsAttackers may disable Protected Process Light (PPL) protection for the LSASS process by modifying specific registry keys, allowing for credential dumping and other malicious activities.
Windows
credential-access
defense-evasion
lsass
ppl
registry
2r
2t
high
advisory
Windows Defender Evasion via Protected Process Light (PPL) Manipulation
2 rules 2 TTPsAn attacker can potentially evade Windows Defender by manipulating Protected Process Light (PPL) attributes, allowing malicious processes to operate with elevated privileges and avoid security scans.
Windows +1
ppl
windows-defender
evasion
2r
2t