State of the Hack

State of the Hack discusses the latest in information security, digital forensics, incident response, cyber espionage, APT attack trends, and tales from the front lines of significant targeted intrusions.

RSS 0 0

S2E07: DerbyCon Edition w/ Carlos Perez & Benjamin Delpy

Updated about 1 year ago.

In this episode, Christopher Glyer and Nick Carr interview the Darkoperator (@Carlos_Perez) and Benjamin Delpy (@gentilkiwi) on all things related to Mimikatz and Kekeo. They discuss Carlos' new class on Mimikatz, the background on why he started it, how red teamers can use the features in unique/creative ways, and how blue teamers can detect the activity. Benjamin shared the background on how he developed the tools (hint - he didn't read the kerberos RFC), some of its lesser known capabilities, like cloning near field communication (NFC) proximity badges, how kerberos golden tickets got their default 10 year lifetime, why you only really need to set the expiration to 20 minutes, and his "creative" documentation (e.g. animated GIF posted to Twitter).