lsa.secrets

$ target-query <path/to/target> -f lsa.secrets

Details

Module	dissect.target.plugins.os.windows.credential.lsa.LSAPlugin
Output	records

Module documentation

Windows Local Security Authority (LSA) plugin.

References:

• https://learn.microsoft.com/en-us/windows/win32/secauthn/lsa-authentication

• https://moyix.blogspot.com/2008/02/decrypting-lsa-secrets.html (Windows XP)

• https://github.com/fortra/impacket/blob/master/impacket/examples/secretsdump.py

• ReVaulting decryption and opportunities SANS Summit Prague 2015

Function documentation

Yield decrypted LSA secrets from a Windows target.