The Local Security Authority Subsystem Service (LSASS) sits at the core of Windows security, handling critical functions like authentication, credential management, and security policy enforcement. Despite the sensitive nature of the data it guards, the LSASS exposes a surprisingly wide attack surface through various legacy and modern interfaces. This talk presents the results of a comprehensive research campaign targeting three distinct vectors against this "Iron Giant".
Erik Egsgard is a Principal Security Developer with Field Effect. With over 20 years experience in the computer security field he has found vulnerabilities across a wide range of software and operating systems including Windows, MacOS, iOS and Android.
