Explore the challenges of detecting Mimikatz, a powerful post-exploitation tool, in this 45-minute conference talk from Hack in Paris. Delve into the complexities of this hacking tool, known primarily for its ability to extract clear text passwords from memory, but with capabilities extending far beyond. Examine why antivirus vendors struggle to catch Mimikatz despite years of its existence, and question the effectiveness of various security measures including SIEM, EDR, and compliance frameworks. Gain insights from the speaker's unique perspective as both a Mimikatz contributor and blue team member. Uncover the tool's true scope, weaknesses related to credential gathering and Active Directory, and evaluate different approaches to detection and mitigation. Leave with a deeper understanding of Mimikatz's power and the ongoing challenges in cybersecurity defense.
Overview
Syllabus
HIP19: You « try » to detect mimikatz - V. Le Toux
Taught by
Hack in Paris