πŸ₯ Benjamin Delpy
a kiwi coding mimikatz, kekeo, wanakiwi, etc. github: mimiswag:
5,915 Tweets | 333 Following | 26,816 Followers
πŸ₯ Benjamin Delpy Apr 18
Replying to @kondencuotas
maybe because at root level, try on one specific group/computer
🥝 Benjamin Delpy Apr 18
Replying to @jepayneMSFT
Damn... they're so advanced... how were we doing without machine learning and IA before?
🥝 Benjamin Delpy Apr 18
Replying to @msuiche
Why so old release! 😅 dooshvari[.]com ERR_NAME_NOT_RESOLVED
🥝 Benjamin Delpy Apr 18
Replying to @kondencuotas
good one :) fyi: - if you use an up to date version, it will print the masterkey needed when failing to decrypt (can be useful) - there is RDG support to avoid manual stuff:
🥝 Benjamin Delpy Apr 17
yes, with the user password and masterkeys :)
🥝 Benjamin Delpy Apr 17
New based on have some advantages, like using dpapi::chrome as-is to dump passwords and cookies 😬 >
🥝 Benjamin Delpy retweeted
Will Apr 16
“I sometimes resort to using Mimikatz as my password manager” -
🥝 Benjamin Delpy retweeted
guiguiabloc Apr 8
Replying to @QueauGuenole
🥝 Benjamin Delpy Apr 15
Replying to @zuphzuph
Wut? You mean you want to forbid CIFS and RPC/SMB to DC ?
🥝 Benjamin Delpy retweeted
Vincent Le Toux Apr 15
Ever wanted to know if your servers have an antivirus installed? Time to disclose my secret reconnaissance technique: Resolve the name "NT Service\<Service>" using MS-LSAD. If Success=>the service is installed! (but maybe stopped) POC: Next in
🥝 Benjamin Delpy Apr 15
I can't remember where this one is coming from, but thank you internet to have created it
🥝 Benjamin Delpy Apr 14
I love to give to sysadmins puzzles for Monday >
🥝 Benjamin Delpy Apr 14
Replying to @gentilkiwi
🥝 Benjamin Delpy Apr 14
Replying to @gentilkiwi
5/5) And all of that with only normal 4723 events: it's a CHANGE from the user, not a RESET from an operator (4724) (for the demo, policy was changed to allow password change before 1 day -- otherwise, you have to wait)
🥝 Benjamin Delpy Apr 14
Replying to @gentilkiwi
4/5) Logically, you can also change the previous hash to a new one... (to make jokes 😉)
🥝 Benjamin Delpy Apr 14
Replying to @gentilkiwi
3/5) How... and with the same API you can change a password without knowing the previous one... only its previous hash (can be VERY useful 😉)
🥝 Benjamin Delpy Apr 14
Replying to @gentilkiwi
2/5) But you may prefer to change a password with a new ... hash ? (maybe you understand now why complexity is not checked in previous tweet, and why AES keys don't exist after)
🥝 Benjamin Delpy Apr 14
You love legacy API and a 2019 DC ? Me too. I updated code for lsadump::changentlm (& lsadump::setntlm) > If you don't need AES keys, do not hesitate to play with: SamiChangePasswordUser 1/5) Here, to bypass password policy (password: 1 char)
🥝 Benjamin Delpy Apr 14
🥝 Benjamin Delpy retweeted
Tal Be'ery Apr 14