Explore the challenges of detecting Mimikatz, a powerful post-exploitation tool, in this 45-minute conference talk from Hack in Paris. Delve into the complexities of this hacking tool, known primarily for its ability to extract clear text passwords from memory, but with capabilities extending far beyond. Examine why antivirus vendors struggle to catch Mimikatz despite years of its existence, and question the effectiveness of various security measures including SIEM, EDR, and compliance frameworks. Gain insights from the speaker's unique perspective as both a Mimikatz contributor and blue team member. Uncover the tool's true scope, weaknesses related to credential gathering and Active Directory, and evaluate different approaches to detection and mitigation. Leave with a deeper understanding of Mimikatz's power and the ongoing challenges in cybersecurity defense.
Overview
Syllabus
HIP19: You « try » to detect mimikatz - V. Le Toux
Taught by
Hack in Paris
Related Courses
-
You Try to Detect Mimikatz
-
Introduction to IoT Reverse Engineering
-
Whoami Priv - Show Me Your Privileges and I Will Lead You to SYSTEM
-
Who Watches the Watchmen - Adventures in Red Team Infrastructure Herding and Blue Team OPSEC Failures
-
Pinata - PIN Automatic Try Attack
-
Offensive Hunting - Using Blue Team Techniques in Red Team Ops
