
Wazuh - LSASS Credential Dumping Analysis


Overview

Wazuh - LSASS Credential Dumping Analysis is an endpoint detection lab focused on Windows credential access behavior.

The scenario centers on suspicious interaction with LSASS (the Local Security Authority Subsystem Service), a sensitive Windows process that holds authentication material for logged-on user sessions. For a SOC analyst, the value is in establishing the process context (which process touched LSASS and how), the alert source, the role of the affected host, and whether the surrounding activity points to credential theft.

This lab helps learners practice Windows alert triage, credential dumping investigation, and prioritization of high-risk endpoint events.

Related trainings

Threat Detection with Windows Event Logs