Can SSPs be deleted or enumerated, and what are the limitations?
SSPs can be enumerated using `EnumerateSecurityPackages` to list all loaded packages (Kerberos, NTLM, etc.). However, the `DeleteSecurityPackage` API returns an error (0x80090302) because Microsoft does not allow SSP removal without a system restart, as noted in security research. This limitation means that once a malicious SSP is added via registry or RPC, it persists until reboot, similar to challenges faced in Credential Manager retrieval.
enumerate SSP, DeleteSecurityPackage, persistence, lsass, credential theft
Source: Usage of SSP in Mimikatz