Heading to Washington D.C. for #ILTACON2018 one day late thanks to American Airlines scrapping my flight Sunday. To be honest, I did enjoy the “extra” day with my family.
Panagiotis Gkatziroulis, writing for the Blue Team Medium account, has a very detailed article describing steps an organization can take to limit the effectiveness of various Mimikatz exploits. https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
Even though Microsoft introduced a security patch which can be applied even in older operating systems such as Windows 2008 Server, Mimikatz is still effective, and in a lot of cases it can lead to lateral movement and domain escalation. It should be noted that Mimikatz can only dump credentials and password hashes if it is executed from the context of a privileged user like local administrator.