How to Set a SACL for LSASS Processes
The SACL is built into the actual object itself, and so it's going to be there as long as that file exists. Yeah, I think you're spot on. There are a lot of things you can do with that. For instance, um, you could run a PowerShell script, you could find document files, PDF files, and now suddenly you can see file reads for those things. You know, if you have to suppress some stuff you would expect, but the moment you see Chrome or RAR or, you know, whatever, like, they just open up an LSASS process, right? It doesn't survive past reboot, I guess. Did somebody open a handle to LSASS, like a read handle to the LSASS process? You can set