h1

Revolutionary Device Detects Mimikatz Use

November 11, 2015

I see mimikatz as one of the most significant collections of offensive capability available today. Because there’s so much capability, folks are often interested in how to detect its use on their network.

For example, one blog post recommends that use of Honey Hashes to detect mimikatz use. Others might recommend that you look for Kerberos tickets that expire 10 years from now. These are great examples of ways to detect different Mimikatz features. What if I told you there was a way to detect mimikatz use, regardless of feature?

This technology exists. Better, it’s cheap. This Mimikatz Detection Peripheral only costs $50. Here’s a demonstration of this technology in action:

Note: This technology only detects Mimikatz releases built after October 9, 2015.

3 comments

  1. This is so good! Cannot beleive it! I’m ordering a bulk of 15,000 pieces of this miracle device right now in order to protect my enterprise! The only thing left is to train users to correctly respond to blinking when that damn mimi… cats… mimikatz runs.


    • Hi JD,
      One quick note: this revolutionary capability *will* detect mimikatz. It is the most exciting thing I’ve seen in my career. Unfortunately, the netcat tool is not detected by this capability. Maybe we can convince its maintainer to add a Busylight module to it. At least we’ve denied the adversary with this one.


  2. Damn! I knew there is another cat… netkatz out there ..



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s