1
00:00:01,180 --> 00:00:03,140
So it's very late here.

2
00:00:03,220 --> 00:00:09,010
And one thing you don't know is that I record my videos at night. I work during the day, I spend some

3
00:00:09,010 --> 00:00:16,450
time with my wife, and then I find that anywhere from 10:00 to about 3:00 a.m. is the prime time to record

4
00:00:16,450 --> 00:00:21,370
videos because the traffic on my street is insane.

5
00:00:21,370 --> 00:00:27,160
Well, I'm telling you all this because I'm a little bit tired, and this is going to be my second time

6
00:00:27,160 --> 00:00:33,840
now recording this set of videos on Mimikatz, because I forgot to turn my microphone on.

7
00:00:33,870 --> 00:00:38,580
So forgive me for this, but we're going to go through it a second time.

8
00:00:38,590 --> 00:00:41,170
So it should be more well polished.

9
00:00:41,170 --> 00:00:42,460
So here we are.

10
00:00:42,490 --> 00:00:49,510
We're talking about Mimikatz, and let's go ahead and just dive right in. What is Mimikatz?

11
00:00:49,540 --> 00:00:55,050
Well, Mimikatz is a tool that we can use to view and steal credentials.

12
00:00:55,060 --> 00:01:01,690
Now, it steals these credentials that are stored in memory, and it can do a lot of nifty things beyond

13
00:01:01,690 --> 00:01:02,680
stealing credentials.

14
00:01:02,680 --> 00:01:07,190
It can generate Kerberos tickets, and it can leverage a lot of attacks.

15
00:01:07,420 --> 00:01:08,730
Just a few attacks.

16
00:01:08,850 --> 00:01:11,620
And that's kind of a joke, but: credential dumping,

17
00:01:11,620 --> 00:01:16,510
pass the hash, over-pass the hash, pass the ticket, golden ticket, silver ticket.

18
00:01:16,510 --> 00:01:21,910
Now, we're not going to cover all these in this course. That starts getting very, very deep in here in

19
00:01:21,910 --> 00:01:22,780
a couple of videos.

20
00:01:22,780 --> 00:01:27,340
I'm going to give you resources on where you can go find information on this and how you can get better

21
00:01:27,340 --> 00:01:29,870
and better on some of these things.

22
00:01:29,890 --> 00:01:36,610
But for now, my only recommendation is just to cover what I think is important, again, for an interview.

23
00:01:36,610 --> 00:01:41,950
And then the more about this that you can learn, about these extra attacks that you're seeing here, then

24
00:01:41,980 --> 00:01:47,230
the better off you're going to be in your interview. But I don't want to overwhelm you with advanced

25
00:01:47,320 --> 00:01:48,390
techniques.

26
00:01:48,430 --> 00:01:52,210
That's going to just possibly leave you confused.

27
00:01:52,210 --> 00:01:57,400
So we're going to keep it with the basics for now, and then you can feel free to dive deeper once you're

28
00:01:57,400 --> 00:01:59,450
more comfortable with this topic.

29
00:01:59,860 --> 00:02:03:150
So before we move on, I do want to bring up the GitHub.

30
00:02:03,160 --> 00:02:10,000
So go ahead and go to the GitHub page here for Mimikatz, and just go ahead and Google "GitHub

31
00:02:10,000 --> 00:02:12,680
Mimikatz" and you should be brought here to this.

32
00:02:12,730 --> 00:02:16,450
Now, Mimikatz is made by a gentleman named Benjamin Delpy.

33
00:02:16,450 --> 00:02:17,520
He's out of France.

34
00:02:17,530 --> 00:02:24,310
So Mimikatz, I believe, means cute kittens in French or something like that, cute cats. You might trigger

35
00:02:24,310 --> 00:02:31,990
an unsafe website warning because Windows does not like this, most antiviruses do not like this, and this is

36
00:02:31,990 --> 00:02:34,630
made to dump credentials on Windows, right?

37
00:02:34,660 --> 00:02:39,670
So there is a cat and mouse game that's going on right now with Windows and

38
00:02:40,060 --> 00:02:42,100
I'm going to show you how to utilize this tool.

39
00:02:42,100 --> 00:02:43,950
We're going to talk about some strategies with it.

40
00:02:44,290 --> 00:02:46,290
And we're going to play around with that.

41
00:02:46,300 --> 00:02:50,460
The only caveat that I'm going to say is it's going to work here.

42
00:02:50,560 --> 00:02:57,040
And now, for the video, by the time that you watch this and you download it, there's a possibility that

43
00:02:57,370 --> 00:02:59,190
a patch on Windows might break it.

44
00:02:59,230 --> 00:03:00,890
And then they have to update the patch,

45
00:03:00,890 --> 00:03:04,180
I mean, on the Mimikatz side, and it's kind of a back and forth game.

46
00:03:04,450 --> 00:03:06,220
But as of right now, it's working.

47
00:03:06,370 --> 00:03:09,100
And this is a tool, again, that is going to get caught.

48
00:03:09,100 --> 00:03:11,080
You can see already: unsafe website.

49
00:03:11,200 --> 00:03:14,490
If you just download this and upload it to a machine,

50
00:03:14,530 --> 00:03:16,570
chances are it's going to get picked up.

51
00:03:16,600 --> 00:03:22,040
There are other tools out there that can utilize this. One is called Invoke-

52
00:03:22,060 --> 00:03:24,400
Mimikatz. It is a PowerShell tool.

53
00:03:24,400 --> 00:03:31,450
Now, you can either run that on disk, meaning that you can upload that to a computer, or you can run that

54
00:03:31,720 --> 00:03:38,290
via what's called IEX, which is a way to just download files via PowerShell, and you can download

55
00:03:38,290 --> 00:03:41,440
and execute without ever actually touching the disk.

56
00:03:41,440 --> 00:03:46,720
Those are some advanced strategies, or just thinking more to the next steps, that you might want to start

57
00:03:46,720 --> 00:03:54,280
looking into: other strategies for obfuscation and hiding that you're actually running Mimikatz.

58
00:03:54,310 --> 00:03:59,530
Now again, as I said earlier in the course, I can show you how to do that and how we do it nowadays.

59
00:03:59,530 --> 00:04:01,630
But it's just going to become outdated.

60
00:04:01,630 --> 00:04:04,600
It's this cat and mouse game, and it changes all the time.

61
00:04:04,600 --> 00:04:09,100
So I'd rather show you what the tool can do, what it's capable of, and let you do this research a little

62
00:04:09,100 --> 00:04:13,480
bit on the outside and learn what more attacks are out there.

63
00:04:13,490 --> 00:04:14,560
Last thing to point out.

64
00:04:14,590 --> 00:04:20,620
So it says here that it is a well-known tool to extract plaintext passwords, extract hashes, PIN codes,

65
00:04:20,620 --> 00:04:22,130
Kerberos tickets.

66
00:04:22,150 --> 00:04:27,910
And it does all the attacks we talked about, plus a lot more. If you scroll down just a little bit,

67
00:04:28,060 --> 00:04:29,140
come here to this.

68
00:04:29,290 --> 00:04:33,880
"I don't want to build it," or if you don't want to build it, binaries are available, because this is in

69
00:04:33,880 --> 00:04:37,510
solution files; you'd actually have to compile this.

70
00:04:37,600 --> 00:04:39,250
We're going to go ahead and click this.

71
00:04:39,430 --> 00:04:42,310
If you're on Edge, it will report it.

72
00:04:42,340 --> 00:04:43,290
So go ahead.

73
00:04:43,290 --> 00:04:45,230
Just disregard this.

74
00:04:45,310 --> 00:04:52,000
And right here we are currently on this 2019, November 11, November 25th.

75
00:04:52,510 --> 00:04:54,580
So go ahead and just download that.

76
00:04:54,670 --> 00:05:01,210
You may have to download this, you'd have to disable Defender if you download it directly to your machine,

77
00:05:01,210 --> 00:05:02,500
or your antivirus.

78
00:05:02,500 --> 00:05:07,210
My suggestion is to download it directly to your domain controller.

79
00:05:07,270 --> 00:05:09,130
So go ahead and put this on the domain controller.

80
00:05:09,130 --> 00:05:14,700
So from here on out, what we're going to assume is, we're going to assume that we have compromised the

81
00:05:14,710 --> 00:05:20,680
domain controller, and we're going to talk about what we can do once we compromise it, why we're doing

82
00:05:20,680 --> 00:05:27,010
that, and what some attacks are that we can use for persistence, specifically a golden ticket, and what

83
00:05:27,010 --> 00:05:29,170
a golden ticket is capable of.

84
00:05:29,200 --> 00:05:34,240
So let's go ahead and meet in the next video, where we actually explore what we can do with this tool, and then

85
00:05:34,240 --> 00:05:35,800
we'll kind of take it from there.