Рет қаралды 7,417
From Mimikatz to Kekeo, Passing by New Microsoft Security Technologies.
In recent years, Microsoft has multiplied efforts to slow down some mimikatz behaviors... the most popular, and in some ways the most dangerous.
During this presentation, we will make a retrospective at Microsoft's methods to prevent credentials theft, either in terms of fast/dirty patches or changes in infrastructure.
Of course, with the equivalent of their bypasses, or alternative methods.
With the increase of detections and new security technologies in Windows, attack methods to elevate privileges have evolved.
New teams are using methods that cannot be "corrected" ... they are now closer to protocols, near official methods, and standards offered by Windows.
We will take a look at the latest features of mimikatz, but also of its turbulent little brother, Kerberos oriented; kekeo...
All of this with a very particular focus on PKINIT Mustiness and Windows 2016; you will no longer look at your credentials and smartcards/tokens in the same way.