February 23, 2022
Nosferatu - Lsass NTLM Authentication Backdoor
Lsass NTLM Authentication Backdoor
How it Works
First, the DLL is injected into the lsass.exe process, where it begins hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate(), located in NtlmShared.dll. In...
by KitPloit in Backdoor, DLL, DLL Injector, Hooking, Injector, Nosferatu, NTLM, Wmi