Skip to content

Hide Navigation Hide TOC

Security Support Provider (SSP) Added to LSA Configuration (eeb30123-9fbd-4ee8-aaa0-2e545bbed6dc)

Detects the addition of a SSP to the registry. Upon a reboot or API call, SSP DLLs gain access to encrypted and plaintext passwords stored in Windows.

Cluster A Galaxy A Cluster B Galaxy B Level
Security Support Provider (SSP) Added to LSA Configuration (eeb30123-9fbd-4ee8-aaa0-2e545bbed6dc) Sigma-Rules Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 1
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2