Tag
This brief describes the detection of suspicious access mask requests to the Local Security Authority Subsystem Service (LSASS) process, a common post-exploitation technique used by threat actors for credential dumping on Windows systems.