
Revolutionary Device Detects Mimikatz Use
November 11, 2015
I see mimikatz as one of the most significant collections of offensive capability available today. Because there’s so much capability, folks are often interested in how to detect its use on their network.
For example, one blog post recommends the use of Honey Hashes to detect mimikatz use. Others might recommend that you look for Kerberos tickets that expire 10 years from now. These are great examples of ways to detect different Mimikatz features. What if I told you there was a way to detect mimikatz use, regardless of feature?
This technology exists. Better, it’s cheap. This Mimikatz Detection Peripheral only costs $50. Here’s a demonstration of this technology in action:
Note: This technology only detects Mimikatz releases built after October 9, 2015.
This is so good! Cannot believe it! I’m ordering a bulk of 15,000 pieces of this miracle device right now in order to protect my enterprise! The only thing left is to train users to correctly respond to blinking when that damn mimi… cats… mimikatz runs.
Hi JD,
One quick note: this revolutionary capability *will* detect mimikatz. It is the most exciting thing I’ve seen in my career. Unfortunately, the netcat tool is not detected by this capability. Maybe we can convince its maintainer to add a Busylight module to it. At least we’ve denied the adversary with this one.
Damn! I knew there is another cat… netkatz out there ..