Read more of this story at Slashdot.
Suspended ledes serve no purpose but to demonstrate the writer’s cleverness, and I get angry at the writer every time I read one.
(A suspended lede is where the thing-being-talked-about is withheld right at first. Some one or a few provocative sentences, designed to grab the reader’s attention, appear first — and then there’s the big reveal of the actual subject.)
* * *
This post, rewritten with a suspended lede, might have looked like this:
I hate it with the heat of a thousand white-hot stars on a summer afternoon, that overplayed gimmick, that tired writing tic that does nothing but draw attention to the writer’s cleverness.
Wow! What’s he talking about?! This is so danged interesting that I must keep reading! What a great writer!
The suspended lede.
Oh! Of course! That totally fits! What a great writer!
Puke. It’s so pukey.
* * *
Respect your readers: tell them the subject right up front. Write well enough to keep their attention. Don’t draw attention to your own cleverness.
Our own Mark Baggett (@markbaggett) recently reTweeted Sean Metcalf's (@PyroTek3) Tweet about his Active Directory Security post, an Unofficial Guide to Mimikatz Command Reference.
This is a freaking gold mine, well done Sean!
Using Mimikatz as part of red/blue exercises and scenarios is near and dear to my heart, it's the attacker basis, along with PowerShell and Metasploit, of my May 2015 toolsmith, Attack Detection: Hunting in-memory adversaries with Rekall and WinPmem. Sean describes Mimikatz and its use with such robust detail, even the uninitiated should be able to grasp the raw power of the tool (both dangerous and useful).
First and foremost, I'll quote one of Sean's most important points:
This information is provided to help organizations better understand Mimikatz capability and is not to be used for unlawful activity. Do NOT use Mimikatz on computers you don't own or have been allowed/approved to. In other words, don't pen-test/red-team systems with Mimikatz without a get out of jail free card.
Further, Sean developed this reference after speaking with both hired defenders and attackers, and learned that outside of a couple of the top three most used Mimikatz commands, not many knew about the full capability of Mimikatz.
This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required and optional), as well as screenshots and additional context (where possible). Sean indicates there are several that he hasn't dug into fully yet, but expects to in the near future. Unofficial Guide to Mimikatz Command Reference on your immediate must read and bookmark list and find safe ways to explore its capabilities.
Again, if you're one of those folks who spend time in both red and blue team activities, it
@holisticinfosec