[ros-dev] LSASS and MSV1_0.DLL - more research
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Sat Sep 10 23:44:55 CEST 2005
lots of people appear to have done quite thorough amounts of digging
into MSV1_0.DLL due to it being the key to security attacks and stuff
e.g. http://www.security-protocols.com/whitepapers/NT/NTcred.txt
the two that i have read so far describe how WINLOGON.EXE is a
"user" of the LSASS system by doing a LsaLookupAuthenticationPackage
call, in order to obtain, presumably, the vector-table which MSV1_0.DLL
registers with the LSASS, and then once that vector-table is obtained,
they then go on to describe how MSV1_0.DLL may be attacked, by
describing in detail the data structures in it.
how very convenient for actually implementing one :)
l.
--
--
<a href="http://lkcl.net">http://lkcl.net</a>
--
More information about the Ros-dev
mailing list