Tag: Mimikatz
-

NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs
NativeDump dumps the lsass process using only NTAPIs, generating a Minidump file that contains only the streams tools like Mimikatz or Pypykatz need in order to parse it (the SystemInfo, ModuleList and Memory64List streams). It calls NtOpenProcessToken and NtAdjustPrivilegeToken to obtain the “SeDebugPrivilege” privilege, and RtlGetVersion to get the operating system version details (major version, minor version and build…
-
QazLocker Ransomware: Flaws in Encryption Allow for Data Recovery
In the cybercriminal domain, a new variant of ransomware named QazLocker is gaining momentum. It’s being used in a multitude of attacks to target companies across various business sectors in different countries. However, there’s a particularly intriguing aspect to the operation of this malicious software. Experts at Acronis have conducted a thorough analysis of this…
