Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and the software that performs that exploit.[1] It was created by French programmer Benjamin Delpy, and its name is French slang for "cute cats".[1]

History

Benjamin Delpy discovered a flaw in Microsoft Windows that holds both an encrypted copy of a password and a key that can be used to decipher it in memory at the same time.[1] He contacted Microsoft in 2011 to point out the flaw, but Microsoft replied that it would require the machine to be already compromised.[1] Delpy realised that the flaw could be used to gain access to non-compromised machines on a network from a compromised machine.[1]

He released the first version of the software in May 2011 as closed source software.[1]

In September 2011, the exploit was used in the DigiNotar hack.[1]

Russian conference

He spoke about the software at a conference in 2012.[1] Once during the conference, he returned to his room to find a stranger sitting at his laptop.[1] The stranger apologised, saying he was in the wrong room and left.[1] A second man approached him during the conference and demanded he give him copies of his presentation and software on a USB flash drive.[1] Delpy gave him copies.[1]

Delpy felt shaken by his experiences and before he left Russia, he released the source code on GitHub.[1] He felt that those defending against cyberattacks should learn from the code in order to defend against the attack.[1]

Windows updates

In 2013 Microsoft added an option to Windows 8.1 that allows the exploitable feature to be turned off.[1] In Windows 10 the feature is turned off by default, but Jake Williams from Rendition Infosec says that Mimikatz remains effective, either because the system runs an outdated version of Windows or because he can use privilege escalation to gain enough control over the target to turn the exploitable feature back on.[1]

Benjamin Delpy has updated the software to cover more exploits than the original.[2]

Use in malware

The Carbanak attack and the cyberattack on the Bundestag used the exploit.[1] The NotPetya and BadRabbit malware used versions of the attack combined with EternalBlue and EternalRomance exploits.[1]

In Mr. Robot episode 9 of season 2, Angela Moss uses mimikatz to get her boss's Windows domain password.[3]

References

  1. Greenberg, Andy (2017-11-09). "He Perfected a Password-Hacking Tool—Then the Russians Came Calling". Wired. Archived from the original on 2017-11-09. Retrieved 2022-05-21.
  2. Petters, Jeff (2020-08-24). "What is Mimikatz: The Beginner's Guide". Varonis Systems. Retrieved 2022-05-21.
  3. Koecher, Ingmar (2017-12-21). "Mr. Robot, Mimikatz and Lateral Movement".