lsass.exe Windows process threat hunting tips

lsass.exe: One Of The Most Important Windows Processes For Threat Hunting

“lsass.exe” stands for Local Security Authority Subsystem Service. In this new series, we analyze Windows processes and provide threat hunting tips. “lsass.exe” Windows process is responsible for a variety of security tasks including: Authenticating users and verifying user logins to a Windows computer or server. Creating the user’s access token. Managing the Active Directory. Writing to…