S4E01: KEGTAP-ing Out: Don't be a One Trickbot Pony
about 12 hours ago.
Updated about 1 year ago.
In this episode, Christopher Glyer and Nick Carr interview the Darkoperator (@Carlos_Perez) and Benjamin Delpy (@gentilkiwi) on all things related to Mimikatz and Kekeo. They discuss Carlos' new class on Mimikatz, the background on why he started it, how red teamers can use the features in unique/creative ways, and how blue teamers can detect the activity. Benjamin shared the background on how he developed the tools (hint - he didn't read the kerberos RFC), some of its lesser known capabilities, like cloning near field communication (NFC) proximity badges, how kerberos golden tickets got their default 10 year lifetime, why you only really need to set the expiration to 20 minutes, and his "creative" documentation (e.g. animated GIF posted to Twitter).