0
  • Home
  • Blog
  • Preventing Mimikatz Attacks by Panagiotis Gkatziroulis

Preventing Mimikatz Attacks by Panagiotis Gkatziroulis

(663 views)

Mimikatz is playing a vital role in every internal penetration test or red team engagement mainly for its capability to extract passwords from memory in clear-text. It is also known that adversaries are using Mimikatz heavily in their operations. Even though that Microsoft introduced a security patch which can be applied even in older operating systems such as Windows 2008 Server still Mimikatz is effective and in a lot of cases it can lead to lateral movement and domain escalation. It should be noted that Mimikatz can only dump credentials and password hashes if it is executed from the context of a privilege user like local administrator. Debug Privilege The debug privilege according to Microsoft determines which users can attach a debugger to any process or to the kernel. By default this privilege is given to Local Administrators. However it is highly unlikely that a Local Administrator will need this....

Read the rest of this story with a free account.

Already have an account? Sign in

February 6, 2019
Subscribe
Notify of
guest
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Get unlimited access

Become an Instructor

Become a Reviewer

Writing on Hakin9

LOOKING for a JOB in IT security?



© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
Please review your information and consent to the processing of your personal data.(Required)
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?
Please review your information and consent to the processing of your personal data.(Required)

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.