
Windows security

Local Security Authority (LSA)

The Local Security Authority (LSA) is Windows' security subsystem.
The LSA Database is the part of the user account database that stores account privilege information (account rights) and domain security policy information.

TODO

How are the following features related to Windows Security:

Effective permissions on objects

Objects, such as files, registry keys, services, processes, kernel objects etc. can be assigned effective (?) permissions.
These permissions can be viewed with the Sysinternals command line tool AccessChk (and AccessEnum for registry keys and files/directories).

Passwords

A password can be up to 128 Unicode characters.
The password is converted into Unicode characters and then hashed with MD4 (NTLMv1, resulting in a 128 bit (8 byte) value) or MD5 (NTLMv2).
On the command line, some (rudimentary) password policies can be set with net accounts.

Hosts file

The hosts file is a target of attackers, for example to redirect internet access to the attacker's own servers.
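
A defensive check for the redirection described above, as an added example that is not part of the original notes: it parses hosts-file content and reports every name mapped to an address that is neither loopback nor a known-good mapping. The sample content, the function names and the `expected` allow-list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample content (documentation address range, example domains).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net                     # sinkhole entry
203.0.113.45    login.example.com www.example.com   # unexpected redirect
10.0.0.5        intranet.example.org
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address_text, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:                      # blank, comment-only or incomplete
            continue
        yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text, expected=None):
    """Return findings as (line_no, kind, address, hostnames).

    expected: hypothetical allow-list {hostname: address} of known-good entries.
    Loopback and 0.0.0.0 mappings are skipped; this check only looks for
    names redirected to another machine.
    """
    expected = expected or {}
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            address = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, "invalid-address", addr_text, names))
            continue
        if address.is_loopback or address.is_unspecified:
            continue
        unexpected = [n for n in names if expected.get(n) != str(address)]
        if unexpected:
            findings.append((line_no, "redirect", str(address), unexpected))
    return findings

if __name__ == "__main__":
    # On a live system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS, {"intranet.example.org": "10.0.0.5"}):
        print(finding)
```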

See also

Privileges
The Credential Manager
HKEY_LOCAL_MACHINE\SECURITY stores the Lsass policy database.
security principal
Antimalware Scan Interface (AMSI)
Settings -> Update & Security -> Windows Security
Security Descriptor Definition Language (SDDL)
SecEdit.exe
Security
