What are you all doing to mitigate the tool mimikatz or something like it? (Let's face it, AV might pick it up, but something else could easily be built and redeployed.)
Mimikatz is able to pull clear text passwords from Windows XP-Windows 8 (and server) for interactively logged on users.
The "fix" is to remove SSPs from the CredSSP list like Msv, tspkg, wdigest, Kerberos, and LiveSSP. Some are removable, but Kerberos, for example, isn't in a domain environment.
To mitigate this, obviously limit interactive logins to servers and clients, but if there is a service account running there isn't much you can do other than limit the service account's access and make sure administrative users log off the system. So other than forcing a log off on idle sessions, what can we do? Ideas?