Other features
Event Tracing for Windows (ETW)
Event Tracing for Windows (ETW) is the kernel-supported mechanism for tracing and logging events generated by user-mode applications and kernel-mode drivers. It is built into the Windows operating system and gives developers a versatile set of event tracing features. It is also the transport that EDR agents, Sysmon and the Windows event log rely on for much of their telemetry, which is why an attacker wants it turned off before touching LSASS.
Kernel Pack can disable it. Open the left menu "Events", choose "Disable" from the drop-down menu, then "Run command on..." to push the change to the connected target.
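The page only says that Kernel Pack disables ETW; it does not say how to confirm that the target really stopped tracing. The following PowerShell, added here as an example and not part of Kernel Pack, snapshots the running ETW trace sessions with `logman query -ets` before and after the "Disable" action and reports which sessions disappeared. The session names in the `$watchList` array are an assumption about what a typical Windows 10 / Defender host runs; adjust them for the target.

```powershell
# Added example (not Kernel Pack code): verify an ETW "disable" action by
# diffing the running trace sessions before and after it is applied.

function Get-RunningEtwSessions {
    # 'logman query -ets' lists live (event trace) sessions; parse the table
    # rows that end in "Running" and keep only the session name column.
    $lines = & logman.exe query -ets 2>$null
    $names = foreach ($line in $lines) {
        if ($line -match '^(.+?)\s{2,}\S+\s{2,}Running\s*$') {
            $Matches[1].Trim()
        }
    }
    return @($names | Sort-Object -Unique)
}

function Compare-EtwSessions {
    param(
        [Parameter(Mandatory)][string[]]$Before,
        [Parameter(Mandatory)][string[]]$After
    )
    # Sessions present before but absent after are the ones that were killed.
    $stopped = @($Before | Where-Object { $After -notcontains $_ })
    $started = @($After  | Where-Object { $Before -notcontains $_ })
    [pscustomobject]@{
        Stopped = $stopped
        Started = $started
    }
}

# Assumed list of sessions a defender usually cares about; names vary by build.
$watchList = @('EventLog-Security', 'EventLog-System', 'DefenderApiLogger', 'DefenderAuditLogger')

$before = Get-RunningEtwSessions
Write-Host "Running ETW sessions before: $($before.Count)"

Read-Host 'Apply the ETW "Disable" action on the target now, then press Enter'

$after = Get-RunningEtwSessions
$diff  = Compare-EtwSessions -Before $before -After $after

Write-Host "Sessions stopped: $($diff.Stopped -join ', ')"
foreach ($s in $watchList) {
    $state = if ($after -contains $s) { 'STILL RUNNING' } else { 'stopped or absent' }
    Write-Host ("{0,-28} {1}" -f $s, $state)
}
```

Run it in an elevated prompt on the target (or over a remote session), since `logman -ets` needs administrative rights to enumerate every session. A session that is "STILL RUNNING" after the action means the telemetry it feeds was not actually cut.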
LSASS Dump
Local Security Authority Subsystem Service (LSASS) is the process in Microsoft Windows that enforces the local security policy. It verifies users logging on to a Windows computer or server, handles password changes and creates access tokens; it also writes to the Windows Security Log. Because it keeps the credential material of every interactive logon in its memory, a memory dump of lsass.exe is the classic way to recover hashes, Kerberos tickets and, where WDigest is enabled, plaintext passwords.
3DES keys
In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher that applies the DES cipher algorithm three times to each data block. LSASS encrypts the credential blobs it holds in memory with a 3DES key (and an AES key) that lsasrv.dll keeps in its own address space, so a dump is only useful if those keys are located and extracted alongside the encrypted blobs. That is what the "3DES keys" output refers to.
Dumping Credentials from LSASS using Kernel Pack:
In Kernel Pack, click on the "LSASS Dump" button on the left menu.
Select "Extract".
Click on the button labeled "Run command on [IP Address]", where the IP address corresponds to the connected target.
Kernel Pack will then dump the LSASS memory and attempt to extract credentials and 3DES keys. Expect an empty or failed result when LSASS runs as a Protected Process Light (RunAsPPL) or Credential Guard is enabled on the target, since in those configurations the secrets are either unreadable from a dump or are not kept in LSASS memory at all.
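Before spending a dump on a host, it is worth knowing whether LSASS is protected and what a defender will see afterwards. The PowerShell below is an added example, not Kernel Pack code: `Get-LsassProtectionState` reads the registry values and the Device Guard WMI class that control LSASS hardening, and `Find-LsassAccessEvents` pulls the Sysmon process-access events (Event ID 10) against lsass.exe that a dump typically leaves behind. It assumes Sysmon is installed with a ProcessAccess rule; without it the second function simply returns nothing.

```powershell
# Added example (not Kernel Pack code): pre-flight and post-dump checks for
# an LSASS credential dump.

function Get-LsassProtectionState {
    # Registry values that decide whether a dump can yield usable secrets.
    $lsa     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $wdigest = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' -ErrorAction SilentlyContinue

    # Win32_DeviceGuard: SecurityServicesRunning contains 1 when Credential Guard is live.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $credGuardRunning = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)

    [pscustomobject]@{
        RunAsPPL                  = [bool]$lsa.RunAsPPL          # LSASS is Protected Process Light
        CredentialGuardRunning    = $credGuardRunning             # secrets isolated in VSM, not in LSASS
        WDigestUseLogonCredential = [int]($wdigest.UseLogonCredential) # 1 = plaintext passwords cached
    }
}

function Find-LsassAccessEvents {
    param([int]$Hours = 1)
    # Sysmon Event ID 10 = ProcessAccess. A dump usually requests
    # PROCESS_VM_READ (0x10) plus query rights; 0x1010 and 0x1fffff are the
    # access masks most often seen from dumping tools.
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 10
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.TargetImage -like '*\lsass.exe') {
            [pscustomobject]@{
                Time          = $e.TimeCreated
                SourceImage   = $d.SourceImage
                GrantedAccess = $d.GrantedAccess
                CallTrace     = $d.CallTrace
            }
        }
    }
}

$state = Get-LsassProtectionState
$state | Format-List
if ($state.RunAsPPL -or $state.CredentialGuardRunning) {
    Write-Warning 'LSASS is protected; a plain memory dump is unlikely to yield credentials.'
}

Write-Host 'Sysmon process-access events against lsass.exe in the last hour:'
Find-LsassAccessEvents -Hours 1 | Format-Table -AutoSize
```

Run the protection check before the dump and the event search after it. If `RunAsPPL` is true the dump request itself is refused from an unprotected process; if Credential Guard is running the dump succeeds but the NTLM hashes and Kerberos keys are not in LSASS memory. The Sysmon query shows exactly the artifact a detection rule keyed on `TargetImage` = lsass.exe and a `GrantedAccess` of 0x1010 or 0x1fffff would alert on.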