# Other features

**Event Tracing for Windows (ETW)**

Event Tracing for Windows (ETW) provides a mechanism for tracing and logging events generated by user-mode applications and kernel-mode drivers. ETW is implemented in the Windows operating system and provides developers with a versatile set of event tracing features.

We will disable ETW using Kernel Pack. To do that, open "Events" in the left menu, choose "Disable" from the drop-down menu, and then "Run command on..."

**LSASS Dump**

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.\[2] It also writes to the Windows Security Log.

**3DES keys**

In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.

**Dumping Credentials from LSASS using Kernel Pack:**

* In Kernel Pack, click on the "LSASS Dump" button on the left menu.
* Select "Extract".
* Click on the button labeled "Run command on \[IP Address]", where the IP address corresponds to the connected target.

Kernel Pack will then dump the LSASS memory and attempt to extract credentials and 3DES keys.

{% embed url="<https://youtu.be/AZNg2gJLzkg?si=afkM3tg39yGLNjHn&t=117>" %}


