Mimikatz: Everything You Need to Know - Online Training

Trainer: Carlos Perez

Course Description:

Mimikatz is a POC written by Benjamin Delpy as a way for him to learn C and show some of the design risks in many of Windows authentication subsystems. The tool has become the #1 tool when it comes to learning about credential extraction on Windows system and has been used by Red Team, Pentester, auditors, and even nation-states in their operations. The class will cover in detail the fundamentals of the toolset Benjamin has developed including features that many don’t even know it has.

This course qualifies for 14 hours of CPE credit hours.

Overview / Course Syllabus:

The class will cover:

What is Mimikatz and Kekeo

o The Basics

o Standard Module

o Misc Module

Working with Privileges and Tokens

o Privilege Module

o Token Module

Working with Processes

RPC and SMB Remote Control

LSASS and LSA

o Windows Authentication

o LSASS Protection

o Kernel Module

o Patch and Inject

o SAM

o Cached Credentials

o LSA Secrets

o Security Support Provider

o LSASS Memory Dump

o Changing and Resetting Passwords

o Pass the Hash

Kerberos

o Kerberos Basics

o Working with Kerberos Tickets

o ChangePAsswData

o Over Pass the Hash – Key

o Pass the Cache

o Golden Ticket

o Silver Ticket

o Kerberoasting

Becoming a Domain Controller

o DCShadow

o DCSync

o NetSync

DPAPI – Data Protection API

o Why DPAPI

o What is DPAPI

o Working with Keys

o Credential History

o Credential Vault

o Decrypting Application Secrets

Student Requirements

Students should be familiar with Windows and Active Directory. Students should be able to use Microsoft RDP (Remote Desktop Protocol) to connect to lab systems on port 5001 and 5004 TCP.

What’s provided?

Students will get slides and lab manual in digital form.

Pricing:
$1,500 per student

*Contact us for a military discount and group pricing (3 or more students).