memssp
Last updated
Last updated
misc::memssp
patches LSASS by injecting a new Security Support Provider (a DLL is registered). Then the credentials of all the users authenticating after the injection will be logged. It can also be utilised when is configured.
If operating from a non-GUI session, then the following command can be used to lock the screen (the can also be used):
When a user authenticates again, the credentials will be saved to C:\Windows\System32\mimilsa.log
.