Daily Blog #594: Forensic Lunch Test Kitchen 1/11/19 Server 2008 R2 Syscache Mimikatz

Hello Reader,
Tonight, at a viewer's request, we are looking at what Mimikatz leaves behind in the Syscache hive on Windows Server 2008 R2.

Here is what we learned:

  • The Syscache hive did not appear to log the 64-bit mimikatz executable from the first execution
  • It did log the 32-bit mimikatz executable on first execution
  • It did log the 64-bit mimikatz executable on the desktop
  • It did not appear to log the 64-bit mimikatz executable in the documents directory
  • The SHA-1 16 bit hashes were correctly searched by VirusTotal, identifying mimikatz

We are going to leave the VM running over the weekend to see if the other 64-bit executables show up. See you next week. In the meantime, come back tomorrow to see this week's Sunday Funday winner, with the new contest posted this Sunday.

You can watch the video here:

Reviewed by David Cowen on January 11, 2019

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020