BATTLE OF SKM AND IUM
1MHMIxh
1MHMIxh
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
LSA TRUSTLET<br />
• One of the two inbox Trustlets on the system, LSAISO.EXE provides the Credential Guard feature of<br />
Windows 10<br />
• Uses the DecryptData and EncryptData <strong>IUM</strong> Base API and nothing else<br />
• Communicates to the outside world using RPC<br />
• Its agent is LSASS.EXE, which runs as usual in Normal Mode<br />
• Provides support for encrypting Kerberos and NTLM secrets without visibility to an outside attacker<br />
without hypervisor/hardware exploits, as well as using Kerberos FAST to securely store and seal a<br />
Machine Key to prevent replay attacks and guarantee the provenance of the TGT