@reznix
Hacker hacked LSASS protection in Windows
One method is Bring Your Own Vulnerable DLL (BYOVDLL): loading a vulnerable version of a DLL into LSASS so that a vulnerability fixed in the current version becomes usable again.
An Orange Cyberdefense specialist has discovered a way to bypass Microsoft's protection and execute arbitrary code in the LSASS process. He focused on the CNG Key Isolation (KeyIso) service and tried to load a vulnerable version of the keyiso.dll library by changing the registry settings and the path to the library. However, the system did not recognize the DLL's digital signature, which prevented the load.
In search of a solution, the researcher turned to catalog files, which contain the cryptographic hashes Windows uses to authenticate files. After he installed the required catalog file on the test machine, the system recognized the signature of the vulnerable library and loaded it into the protected LSASS process.
Then the author registered a new key provider using a vulnerable version of the ncryptprov.dll library.
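
A defender-side check for the registry change described above, as an added example that is not part of the original post or the researcher's code. It assumes the standard Windows service layout (a ServiceDll value under Services\<name>\Parameters), a system root of C:\Windows, and registry-change events already parsed into dicts with hypothetical field names; the sample events are constructed.

```python
import ntpath

# Assumptions: Windows lives in C:\Windows; event field names are hypothetical.
SYSTEM32 = r"c:\windows\system32"
WATCHED_SERVICES = {"keyiso"}  # CNG Key Isolation, the service named in the post


def normalize(path):
    """Strip quotes, expand %SystemRoot%/%windir%, resolve '..', lower-case."""
    p = path.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, r"c:\windows")
    return ntpath.normpath(p)


def service_from_key(key):
    """Return the service name when the key ends in Services/<name>/Parameters."""
    parts = key.lower().split("\\")
    if len(parts) >= 3 and parts[-1] == "parameters" and parts[-3] == "services":
        return parts[-2]
    return None


def check_event(event):
    """Return a finding when a watched service's DLL path leaves System32."""
    if event.get("value_name", "").lower() != "servicedll":
        return None
    service = service_from_key(event.get("key", ""))
    if service not in WATCHED_SERVICES:
        return None
    dll = normalize(event.get("data", ""))
    if ntpath.dirname(dll) != SYSTEM32:
        return f"{service}: ServiceDll redirected to {dll}"
    return None


def findings(events):
    return [f for f in map(check_event, events) if f]


KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\KeyIso\Parameters"
SAMPLE_EVENTS = [  # constructed sample data, not taken from a real host
    {"key": KEY, "value_name": "ServiceDll", "data": r"%SystemRoot%\system32\keyiso.dll"},
    {"key": KEY, "value_name": "ServiceDll", "data": r'"C:\Temp\keyiso.dll"'},
    {"key": KEY, "value_name": "ServiceDll", "data": r"C:\Windows\System32\..\Temp\keyiso.dll"},
    {"key": KEY.replace("KeyIso", "Dhcp"), "value_name": "ServiceDll", "data": r"C:\Temp\x.dll"},
]

if __name__ == "__main__":
    for finding in findings(SAMPLE_EVENTS):
        print(finding)
```

The check only covers a redirected path; a file swapped in place under System32, or a newly installed catalog file, needs separate file-integrity monitoring.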