The Mimikatz story is fascinating to me.
“Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows function called WDigest. That feature is designed to make it more convenient for corporate and government Windows users to prove their identity to different applications on their network or on the web; it holds their authentication credentials in memory and automatically reuses them, so they only have to enter their username and password once. While Windows keeps that copy of the user's password encrypted, it also keeps a copy of the secret key to decrypt it handy in memory, too. "It’s like storing a password-protected secret in an email with the password in the same email," Delpy says.” (Greenberg. He Perfected a Password-Hacking Tool—Then the Russians Came Calling)
Then he goes to a security conference in Russia and the rest is history.
“When he returned, as Delpy tells it, he was shocked to find the stranger standing at the room's desk, a small black rollerboard suitcase by his side, his fingers hurriedly retracting from Delpy's keyboard. The laptop still showed a locked Windows login screen. The man mumbled an apology in English about his keycard working on the wrong room, brushed past Delpy, and was out the door before Delpy could even react. "It was all very strange for me," Delpy says today. "Like being in a spy film." (Greenberg. He Perfected a Password-Hacking Tool—Then the Russians Came Calling)
Comments