Preventing Mimikatz Attacks by Panagiotis Gkatziroulis


Mimikatz plays a vital role in every internal penetration test or red team engagement, mainly for its ability to extract clear-text passwords from memory. Adversaries are also known to use Mimikatz heavily in their operations. Even though Microsoft introduced a security patch that can be applied even to older operating systems such as Windows 2008 Server, Mimikatz is still effective, and in many cases it can lead to lateral movement and domain escalation. It should be noted that Mimikatz can only dump credentials and password hashes if it is executed in the context of a privileged user such as a local administrator.

Debug Privilege

According to Microsoft, the debug privilege determines which users can attach a debugger to any process or to the kernel. By default this privilege is given to Local Administrators. However it is highly unlikely that a Local Administrator will need this....
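To check which principals actually hold the debug privilege on a host, the user-rights section of a `secedit` policy export can be parsed. The following is an added example, not code from the original article; the function name `Get-DebugPrivilegeHolder`, the export path and the sample export are assumptions constructed for illustration.

```powershell
# Added example. Produce the input on a real host from an elevated prompt with:
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
#   $lines = Get-Content C:\Temp\rights.inf        # path is an assumption
function Get-DebugPrivilegeHolder {
    param([string[]]$InfLines)                      # lines of the exported .inf

    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeDebugPrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }                      # right is assigned to nobody

    foreach ($entry in (($line -split '=', 2)[1]).Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $id   = $entry.TrimStart('*')               # secedit prefixes SIDs with '*'
        $name = $id
        if ($entry.StartsWith('*')) {
            try {                                   # resolve the SID to an account name
                $sid  = [System.Security.Principal.SecurityIdentifier]::new($id)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '(unresolved)' }
        }
        [pscustomobject]@{
            Identity                = $id
            Name                    = $name
            IsBuiltinAdministrators = ($id -eq 'S-1-5-32-544')  # well-known SID
        }
    }
}

# Constructed sample export (not taken from a real system)
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@
$lines   = $sample -split "`r?`n"
$holders = @(Get-DebugPrivilegeHolder -InfLines $lines)
$holders | Format-Table -AutoSize
if ($holders | Where-Object { $_.IsBuiltinAdministrators }) {
    Write-Warning 'BUILTIN\Administrators holds SeDebugPrivilege (the default assignment).'
}
```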

February 6, 2019
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023