AV-Comparatives - LSASS Credential Dumping Certification Test 2026

[harlan4096]

AV-Comparatives conducts targeted offensive security evaluations, offering vendors the opportunity to achieve certification in specific protection areas. In 2026, one key focus was “Credential Dumping” (LSASS Protection). Certification reports are published exclusively for vendors that successfully meet the defined criteria.

Participating vendors receive detailed technical feedback to further strengthen their products.

https://www.av-comparatives.org/news/lsa...test-2026/
 
Credential dumping from the LSASS process remains one of the most critical techniques in real-world attacks. Once an attacker has gained a foothold on a system, accessing LSASS memory is a common objective, as it contains highly sensitive information such as user credentials in cleartext or hashed form. Successful access to LSASS often enables lateral movement and escalation across the environment.

Positioning

The LSASS Credential Dumping Test is designed as a focused evaluation of a single, high-impact attack objective, rather than a full attack-chain simulation.

While broader evaluations assess end-to-end protection and operational impact, this test isolates one of the most decisive post-compromise steps: the ability to protect credential material in memory. This makes it particularly relevant for analysts and enterprise decision-makers evaluating how effectively a solution can contain an attacker after initial access.

Full Report