Collaborate Disseminate
I’ve used Mimikatz to patch the domain controller with a skeleton key misc::skeleton, which makes it possible for any domain user to authenticate with the password “mimikatz”, while still being able to use their original pass… Continue reading How does the so-called skeleton key (master password) in Mimikatz work?
The national cybersecurity agencies of the United States, U.K., Canada, Australia and New Zealand, known in the intelligence world as the Five Eyes, have released a joint report on five publicly available hacking tools that are widely used in cyberatt… Continue reading Five Eyes Cybersecurity Agencies Release Report on Hacking Tools
In mimikatz, sekurlsa::pth also supports /aes256 switch. But how can I get the aes256 hash?
I can retrieve NTLM hash from many different tools. Is there any way to convert it to an aes256 one?
I don’t understand why the author of Mimikatz named the parameter for the NTLM argument /rc4 instead of /ntlm.
Could anyone clarify?
I’m studying how pass-the-ticket works using Mimikatz, i.e., forged Silver and Golden Kerberos tickets.
The command usually takes the form (Golden tickets):
kerberos::golden /sid:SID /domain:DOMAIN /rc4:RC4 /user:USER /id:ID /ptt
The c… Continue reading Mimikatz /rc4 argument for pass-the-ticket?
A newly uncovered hacking group has breached a number of critical infrastructure and government organizations in the Middle East with a mixture of publicly available and custom-built tools, according to new research from cybersecurity giant Symantec. Dubbed Leafminer by the company, the group has infiltrated a number of organizations in countries such as Azerbaijan, Israel, Lebanon and Saudi Arabia, with a variety of intrusion techniques. Researchers observed the group using watering hole websites, vulnerability scans and brute-force login attempts for the purposes of data theft. Symantec researchers categorized the group as “highly active,” conducting various operations since early 2017. The group targeted a wide range of sectors, including energy, government, finance and telecommunications. According to Vikram Thakur, Symantec’s technical director, the group was active up until publication of the company’s research. “Their servers are very much still up,” Thakur told CyberScoop. The group is particularly adept at honing its skills based […]
The post Newly uncovered ‘Leafminer’ hacking group hitting wide array of Middle Eastern targets appeared first on Cyberscoop.
Let’s say I’m using mimikatz’s source code and the public release binary is flagged by many anti viruses so if I recompile the mimikatz project would it evade anti viruses ?
After a lot of frustration, I’ve finally cracked my local Windows 10 password using mimikatz to extract the proper NTLM hash.
In particular, samdump2 decrypted the SAM hive into a list of users with "blank" passwords:
samdump2 sy… Continue reading Decrypting SAM hive after Windows 10 anniversary update?
Continuing where we left off in The HELK vs APTSimulator – Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK offers Apache Spark, GraphFrames, and Jupyter Notebooks &#… Continue reading toolsmith #132 – The HELK vs APTSimulator – Part 2
Continuing where we left off in The HELK vs APTSimulator – Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK offers Apache Spark, GraphFrames, and Jupyter Notebooks as par… Continue reading toolsmith #132 – The HELK vs APTSimulator – Part 2