Overview
Syllabus
Intro
Infrastructure and Process
Data Models: Model, Concern, Credential
Code and Functionality
Credentials Refactor: Credential:{Private, Public, Realm}
Mimikatz: 1.x Works on 2000 & XP; Golden Ticket; LSA secrets
Incognito v2: Support for 2008+; Recognizes deny-only SIDs
ADSI: adsi_computer_enum, adsi_domain_query, adsi_user_enum
Clipboard management: clipboard_get_data, clipboard_set_data
BrowserExploitServer: Incorporates JSObfu and OS/app detection; Simplifies browser exploits; ROPDB
JavaScript Detection: Updates for OS detection; Support for extensions
Firefox Post Exploitation: post/firefox/gather: cookies, history, passwords
AddJavascriptInterface: android/browser/webview_addjavascriptinterface
AOSP Browser UXSS: auxiliary/gather/android_stock_browser_uxss
Printer Job Language: HP's thing for talking to printers
Reverse Hop HTTP(S): Drop small PHP script on an intermediate host
Future work: Moar credentials!!1!!!; SMB2