Awesome work mate as always 
Some study notes on LSASS hooking for harvesting interactive logon credentials.
https://ired.team/offensive-security/credential-access-and-credential-dumping/intercepting-logon-credentials-by-hooking-msv1_0-spacceptcredentials …
Thanks to @_xpn_ for his inspiring posts about mimikatz.
-
-
-
Thank you man, much appreciated, although I am just a messenger learning from guys like yourself
- Još 2 druga odgovora
Novi razgovor -
-
-
There is a simplier way to perform: make a single DLL with security package exports functions (and the entry to SpAcceptCredentials). Then insert it in live LSASS using AddSecurityPackage. No need to hook, there is an API for that ;-)
-
Thanks for the feedback
@mysmartlogon, I appreciate it! I think I have posted about something similar to what you suggested https://ired.team/offensive-security/credential-access-and-credential-dumping/intercepting-logon-credentials-via-custom-security-support-provider-and-authentication-package … The post you commented on, however, had a slightly different learning goals for me - signature and hooking being the key ones.
Kraj razgovora
Novi razgovor -
-
-
So awesome, nice job as always.
-
hey, thanks and nice to hear from you captain!
Kraj razgovora
Novi razgovor -
-
-
Great work!
-
Thank you good sir!
Kraj razgovora
Novi razgovor -
-
-
Quality work as always Sir
, I'll need to try and port this to Fermion when I have a moment.pic.twitter.com/TQVfoyI58m -
Ooo, thank you Sire
. I still have to find time play around with Fermion 
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.