Alternative Ways to Detect Mimikatz
Mimikatz is a widely known and used tool in the offensive security scene, and also a nightmare for people in defensive security. Malware and ransomware developers integrate it into their malicious software to be able to propagate over the network. In 2015 a new module was introduced in mimikatz that uses busylights. This was quickly published as a detection technique against the tool but it required a physical device attached to the machine. The idea of detecting mimikatz through this piece of code was re-thought and improved on, now it is easier than ever and made hardware-less.
The talk will take the audience through the process and will show how mimikatz can be detected only by using software components.