← Cybersecurity Alphabet Soup

SAM

Security Account Manager

networkmedium

The SAM is the Windows database that stores local account names and password hashes, kept in the registry and backed by a file under System32\config. Attackers with admin or SYSTEM access dump the SAM to extract NTLM hashes for cracking or pass-the-hash attacks against other machines. Unique local admin passwords via LAPS and restricting admin access are the main defenses against SAM credential theft.

Sources

More in network