gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

Paper explaining how mimikatz works? #137

Closed FFY00 closed 5 years ago

FFY00 commented 6 years ago

Hi, I would like to ask if there is any paper regarding how mimikatz works? This is a very interesting topic and I would like to know more about this. Thanks in advance.

Beercow commented 6 years ago

There is a nice article here:

https://adsecurity.org/?page_id=1821

FFY00 commented 6 years ago

@Beercow, thank you! That is certainly helpful, however I was looking for something more in-depth. I am particularly interested in the vulnerability. Perhaps something more technical on extracting passwords from LSASS. It doesn't need to be directly related to mimikatz. But anyway, thank you. That article was more helpful than anything I was able to find. Even though it doesn't go into detail, it does explain how it works.

dhruvmalik007 commented 6 years ago

It seems that we have to decipher this masterpiece. Its obfuscation of code and technical complexity require a team of researchers. Well, I'll try my best to give my overview (if I got a sense of what the heck it really exploits).

dhruvmalik007 commented 6 years ago

http://forensicmethods.com/wp-content/uploads/2014/07/PassTheGolden_Ticket_v1_0.pdf. This also gives a heck of a lot of information.

FFY00 commented 6 years ago

Yes. The code doesn't look that complicated, at least the bit I am interested in (sekurlsa::logonpasswords). The problem is understanding why it is done and why it works. This is a really technical question, but if @gentilkiwi wrote this to learn C, there must be some paper(s) already written about this.