# 注册SSP DLL

## SSP <a href="#h1-ssp" id="h1-ssp"></a>

安全支持提供程序（SSP）是Windows API，用于扩展Windows身份验证机制。LSASS进程在Windows启动期间会加载SSP DLL。

注：这种方法一般用来Dump内存并获取密码，只是拿来做权限维持实在是大材小用了，迄今为止也只听说了Lazarus这个朝鲜APT组织这么干过。。。（[https://labs.f-secure.com/publications/ti-report-lazarus-group-cryptocurrency-vertical/）](https://labs.f-secure.com/publications/ti-report-lazarus-group-cryptocurrency-vertical/%EF%BC%89)

再注：找不到现有的POC，自己也懒得写了，所幸 <https://github.com/PowerShellMafia/PowerSploit> 里有一个”Install-SSP”方法，有兴趣的同学可以去看看。至于注入SSP DLL的其他相关内容会在Mimikatz部分专门讨论。


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.qwqdanchun.com/persistence/uncatelogued/ssp-dll.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.