Theory

The Local Security Authority (LSA) is a protected system process that authenticates and logs users on to the local computer. The LSA is responsible for enforcing security policies and managing user authentication and authorization. It validates user information by checking the Security Accounts Manager (SAM) database. We may abuse some of its mechanisms to acheive persistencce.

Practice