Showing posts from May, 2019

Understanding Mimikatz - The basics

Mimikatz - What is it and what can you do against it ? Mimikatz is a self-exploitation tool designed mainly to steal a password. But nothing is as simple as it sounds because it doesn’t really steal passwords, it steals authentication Tokens\Tickets or password hashes. Sound baffling? Actually, it’s a lot simpler than it sounds. It is a common misconception to think that in order to gain access to a certain resource on a computer or a network, all you need is the username and password that allows you access to that specific resource. In theory that is correct, but in the background something completely different is happening. In order to gain the desired access, you need the correct key, and the correct key is what happens after you punch in your password. Let me explain: In order to prevent the stealing of the password by various mechanics, the password is never stored as it is. Instead, it is stored as Hash: a mathematical function that changes the password into

A new blog - Making Cyber Security Easier - Introduction

Making Cyber Security Easier, Simpler and More Secure by Erez Kaplan -Cyber 2.0 CTO In this blog, I will take the complicated world of Cyber Security, and strip it down to its bare essence, while helping you make your network more secure. When necessary, I will delve into the depths and mechanics of new and intriguing attacks, and the ways of defending against them. If you want me to write about a specific Subject, Or have a specific question you want answered. Please write it in your comments, And I will do my best to answer. Best Regards Erez Kaplan Haelion Cyber 2.0 - CTO www,