Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows function called WDigest. That feature is designed to make it more convenient for corporate and government Windows users to prove their identity to different applications on their network or on the web; it holds their authentication credentials in memory and automatically reuses them, so they only have to enter their username and password once. While Windows keeps that copy of the user's password encrypted, it also keeps a copy of the secret key to decrypt it handy in memory, too. "It’s like storing a password-protected secret in an email with the password in the same email," Delpy says.

Delpy pointed out that potential security lapse to Microsoft in a message submitted on the company's support page in 2011. But he says the company brushed off his warning, responding that it wasn't a real flaw. After all, a hacker would already have to gain deep access to a victim's machine before he or she could reach that password in memory. Microsoft said as much in response to WIRED's questions about Mimikatz: "It’s important to note that for this tool to be deployed it requires that a system already be compromised," the company said in a statement. "To help stay protected, we recommend customers follow security best practices and apply the latest updates."

In early 2012, Delpy was invited to speak about his Windows security work at the Moscow conference Positive Hack Days. He accepted, a little naively, still thinking that Mimikatz's tricks must have already been known to most state-sponsored hackers. But even after the run-in with the man in his hotel room, the Russians weren't done. As soon as he finished giving his talk to a crowd of hackers in an old Soviet factory building, another man in a dark suit approached him and brusquely demanded he put his conference slides and a copy of Mimikatz on a USB drive.

Delpy complied. Then, before he'd even left Russia, he published the code open source on GitHub, both fearing for his own physical safety if he kept the tool's code secret and figuring that if hackers were going to use his tool, defenders should understand it too.

As the use of Mimikatz spread, Microsoft in 2013 finally added the ability in Windows 8.1 to disable WDigest, neutering Mimikatz's most powerful feature. By Windows 10, the company would disable the exploitable function by default.

But Rendition's Williams points out that even today, Mimikatz remains effective on almost every Windows machine he encounters, either because those machines run outdated versions of the operating system, or because he can gain enough privileges on a victim's computer to simply switch on WDigest even if it's disabled. "My total time-on-target to evade that fix is about 30 seconds," Williams says.

'I think we must be honest: If it wasn't Mimikatz there would be some other tool.'

Despite those attacks, Delpy hasn't distanced himself from Mimikatz. On the contrary, he has continued to hone his creation, speaking about it publicly and even adding more features over the years. Mimikatz today has become an entire utility belt of Windows authentication tricks, from stealing hashed passwords and passing them off as credentials, to generating fraudulent "tickets" that serve as identifying tokens in Microsoft's Kerberos authentication system, to stealing passwords from the auto-populating features in Chrome and Edge browsers. Mimikatz today even includes a feature to cheat in Windows' Minesweeper game, pulling out the location of every mine in the game from the computer's memory.

Delpy says that before adding a feature that exploits any serious new security issue in Windows, he does alert Microsoft, sometimes months in advance.