Mimikatz detecting

Mimikatz is a tool that implements the functionality of Windows Credentials Editor and allows you to get the authentication data of a logged-in user in the clear. The method used to detect Mimikatz is referred to as a grouping which consists of taking a group of unique artifacts and identifying.
The author guides Cyberwardog to create alerts for detecting Mimikatz using Sysmon and ELK Stask in this article. It should be noted that you must already have ELK Stack installed with the ElastAlert setting. The script is needed to process some logic needed to test a couple of things before we can turn off the alert to get started.

The advice and scripts are included with this warranty. As always, never blindly trust scripts off the internet.

You can find more complete information about the work done in this article.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.