Senses

LSA Secrets · SynAc

TERM

LSA Secrets

Adversaries with SYSTEM access to a host may attempt to access Local Security Authority (LSA) secrets, which can contain a variety of different credential materials, such as credentials for service accounts.(Citation: Passcape LSA Secrets)(Citation: Microsoft AD Admin Tier Model)(Citation: Tilbury Windows Credentials) LSA secrets are stored in the registry at HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets. LSA secrets can also be dumped from memory.(Citation: ired Dumping LSA Secrets)

Updated

Jan 03, 2026

Senses

Sense 1

Adversaries with SYSTEM access to a host may attempt to access Local Security Authority (LSA) secrets, which can contain a variety of different credential materials, such as credentials for service accounts.(Citation: Passcape LSA Secrets)(Citation: Microsoft AD Admin Tier Model)(Citation: Tilbury Windows Credentials) LSA secrets are stored in the registry at <code HKEY LOCAL MACHINE\SECURITY\Policy\Secrets</code . LSA secrets can also be dumped from memory.(Citation: ired Dumping LSA Secrets) Reg can be used to extract from the Registry. Mimikatz can be used to extract secrets from memory.(Citation: ired Dumping LSA Secrets)

Reg can be used to extract from the Registry. Mimikatz can be used to extract secrets from memory.(Citation: ired Dumping LSA Secrets)

MITRE ATT&CK (CTI STIX Data)

Bibliography

MITRE ATT&CK (CTI STIX Data)
Accessed Jan 03, 2026Quoted
MITRE ATT&CK CTI (STIX bundle)
https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/enterprise-attack/enterprise-attack.json