Overview
The SecurityPackages command enumerates available security packages (SSPs - Security Support Providers) using the EnumerateSecurityPackagesA() API. These packages provide authentication services and include Kerberos, NTLM, Negotiate, and others. Understanding available security packages helps assess authentication capabilities and potential attack vectors.Syntax
This command does not support remote execution.
Output
Returns security package information:- Package name
- Comment/Description
- Capabilities flags
- Version
- RPC ID
- Maximum token size
Use Cases
- Red Team
- Blue Team
- Identify available authentication packages
- Determine SSP capabilities
- Assess authentication protocol support
- Plan credential access techniques
Example Output
Remote Execution
Detection Considerations
Minimal detection risk - queries available security packages via API.
Related Commands
- LSASettings - LSA configuration including auth packages
- NTLMSettings - NTLM authentication settings
- CredGuard - Credential Guard status
- LogonSessions - Active logon sessions