Tag Archive: DomainControllerImpersonation

Sep 25

Mimikatz DCSync Usage, Exploitation, and Detection

Note: I presented on this AD persistence method at DerbyCon (2015). A major feature added to Mimkatz this summer is “DCSync” which effectively “impersonates” a Domain Controller and requests account password data from the targeted Domain Controller. DCSync was written by Benjamin Delpy and Vincent Le Toux. The exploit method prior to DCSync was to …

Continue reading »