nosferatu: Lsass NTLM Authentication Backdoor

How it Works

First, the DLL is injected into the lsass.exe process and will begin hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate(), located in NtlmShared.dll. In the...
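
A defender-side check for the injection step described above, as an added example that is not part of the original page or of the nosferatu project: it scans Sysmon image-load events (Event ID 7) for modules loaded into lsass.exe that are unsigned or sit outside System32. The sample events and file names are constructed, and the check assumes the DLL goes through the normal Windows loader so that an image-load event is recorded.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
TRUSTED_DIR = r"c:\windows\system32"  # assumption: baseline directory for lsass modules

def _event(image, loaded, signed, status):
    # Builds a constructed Sysmon Event ID 7 (ImageLoad) record for the demo.
    fields = {"Image": image, "ImageLoaded": loaded,
              "Signed": signed, "SignatureStatus": status}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>7</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

# Constructed sample input, not captured from a real host.
LSASS = r"C:\Windows\System32\lsass.exe"
SAMPLE_EVENTS = [
    _event(LSASS, r"C:\Windows\System32\NtlmShared.dll", "true", "Valid"),
    _event(LSASS, r"C:\Users\Public\example.dll", "false", "Unavailable"),
    _event(r"C:\Windows\System32\notepad.exe", r"C:\Temp\plugin.dll", "false", "Unavailable"),
    _event(LSASS, r"C:\ProgramData\x\NtlmShared.dll", "true", "Valid"),
]

def suspicious_lsass_loads(events_xml):
    """Return (ImageLoaded, reasons) for out-of-place modules loaded into lsass.exe."""
    findings = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        if root.findtext(f"{NS}System/{NS}EventID") != "7":
            continue  # not an image-load event
        d = {e.get("Name"): (e.text or "") for e in root.iter(f"{NS}Data")}
        if ntpath.basename(d.get("Image", "")).lower() != "lsass.exe":
            continue  # only modules loaded into lsass.exe are of interest
        loaded = d.get("ImageLoaded", "")
        reasons = []
        if d.get("Signed", "").lower() != "true" or d.get("SignatureStatus") != "Valid":
            reasons.append("unsigned or invalid signature")
        if ntpath.dirname(loaded).lower() != TRUSTED_DIR:
            reasons.append("loaded from outside System32")
        if reasons:
            findings.append((loaded, reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in suspicious_lsass_loads(SAMPLE_EVENTS):
        print(path, "->", ", ".join(reasons))
```

Legitimate security products can also load modules into lsass.exe from other directories, so the directory rule needs an allowlist tuned to the environment.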