
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Extracting LSA Secrets

We can only imagine the chatter on the hacker network on the day that NT was released and the hackers discovered a registry key named SECURITY\Policy\Secrets. Its name alone makes it an attractive target. We could hope that perhaps Microsoft placed it there by that name, filling it with irrelevant data just to create a diversion for the hackers of the world. Such was hardly the case, because its contents were just what the name suggested. What’s more, this same key and content exist today in the most current versions of Windows.

LSA stands for Local Security Authority. The security hive key is part of the registry, although you can’t access this key through regedit. The previously mentioned key (SECURITY\Policy\Secrets ...
