Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows function called WDigest. That feature is designed to make it more convenient for corporate and government Windows users to prove their identity to different applications on their network or on the web: it holds their authentication credentials in memory and automatically reuses them, so they only have to enter their username and password once. While Windows keeps that copy of the user's password encrypted, it also keeps a copy of the secret key to decrypt it handy in memory, too. "It’s like storing a password-protected secret in an email with the password in the same email," Delpy says.

Delpy pointed out that potential security lapse to Microsoft in a message submitted on the company's support page in 2011. But he says the company brushed off his warning, responding that it wasn't a real flaw. After all, a hacker would already have to gain deep access to a victim's machine before he or she could reach that password in memory. Microsoft said as much in response to WIRED's questions about Mimikatz: "It’s important to note that for this tool to be deployed it requires that a system already be compromised," the company said in a statement. "To help stay protected, we recommend customers follow security best practices and apply the latest updates."

In early 2012, Delpy was invited to speak about his Windows security work at the Moscow conference Positive Hack Days. He accepted, a little naively, still thinking that Mimikatz's tricks must have already been known to most state-sponsored hackers. But even after the run-in with the man in his hotel room, the Russians weren't done. As soon as he finished giving his talk to a crowd of hackers in an old Soviet factory building, another man in a dark suit approached him and brusquely demanded he put his conference slides and a copy of Mimikatz on a USB drive.

Delpy complied. Then, before he'd even left Russia, he published the code open source on Github, both fearing for his own physical safety if he kept the tool's code secret and figuring that if hackers were going to use his tool, defenders should understand it too.

As the use of Mimikatz spread, Microsoft in 2013 finally added the ability in Windows 8.1 to disable WDigest, neutering Mimikatz's most powerful feature.
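The 2013 change mentioned above is controlled by a registry value, `UseLogonCredential` under the WDigest security-provider key; the article does not name it, and the following audit script is an added example, not WIRED's or Delpy's code. It assumes the documented semantics of that value: on Windows 8.1 and later, caching is off unless the value is explicitly 1; on older builds that received the 2013 update, caching stays on unless the value is explicitly 0.

```powershell
# Report whether WDigest still caches logon credentials in memory, and optionally disable it.
# Registry path and value are the ones Microsoft documented for this change (assumption: the
# semantics described in the lead-in hold for the build being audited).
function Test-WDigestCredentialCaching {
    [CmdletBinding()]
    param([switch]$Remediate)

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $name = 'UseLogonCredential'
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # Windows 8.1 / Server 2012 R2 is NT 6.3; newer builds report 10.x.
    $osVersion = [version](Get-CimInstance -ClassName Win32_OperatingSystem).Version
    $modern    = $osVersion -ge [version]'6.3'

    # Missing value: off on modern builds, on for older patched builds. Present: 1 means on.
    $cachingEnabled = if ($null -eq $value) { -not $modern } else { [int]$value -eq 1 }
    $changed = $false

    if ($cachingEnabled -and $Remediate) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        # DWORD 0 turns caching off; credentials already in memory are cleared at next reboot.
        Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
        $cachingEnabled = $false
        $changed = $true
    }

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        OSVersion             = $osVersion
        UseLogonCredential    = $value
        WDigestCachingEnabled = $cachingEnabled
        Remediated            = $changed
    }
}

# Usage: audit only, or pass -Remediate from an elevated session to switch caching off.
Test-WDigestCredentialCaching
```

Run the audit across a fleet and treat any host reporting `WDigestCachingEnabled = True` as one where a compromise would still expose reusable credentials from memory.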