Method and device for detecting and intercepting Mimikatz, computer equipment and readable storage medium

Computer program technology applied to the detection and interception of Mimikatz, achieving rapid detection and interception.

Inactive Publication Date: 2018-05-18
广东省信息安全测评中心

AI Technical Summary

Problems solved by technology

[0005] Based on this, it is necessary to provide a method, device, computer equipment and readable storage medium for detecting and intercepting Mimikatz, to address the problem of the Mimikatz tool obtaining passwords.


Examples


Embodiment Construction

[0031] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application.

[0032] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terminology used herein in the specification of the application is only for the purpose of describing specific embodiments, and is not intended to limit the application. It should be understood that the various steps in the flow chart of the present application are displayed in sequence according to the arrows, but these steps are not necessarily executed in sequen...


Abstract

The invention relates to a method and device for detecting and intercepting Mimikatz, computer equipment and a readable storage medium. The method comprises the following steps: obtaining, in real time, the dll files in the dynamic link library loaded during process operation; comparing the dll files one by one with the dll files in a Mimikatz-dll feature library, wherein the Mimikatz-dll feature library is a feature library formed by the dll files loaded during Mimikatz operation; when the dll files comprise all the dll files in the Mimikatz-dll feature library, intercepting the process corresponding to the dll files; and when the interception succeeds, returning to the step of obtaining, in real time, the dll files in the dynamic link library loaded during process operation.
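The comparison and interception steps of the abstract, sketched as an added example (not code from the patent or its applicant). The feature-library contents, PIDs and module lists are constructed placeholders, since the page does not list the library, and `intercept` is a hypothetical callback standing in for process termination.

```python
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed placeholder feature library; the page does not list its contents.
FEATURE_LIBRARY = frozenset({"samlib.dll", "cryptdll.dll", "vaultcli.dll", "winscard.dll"})

def normalize(modules):
    """Reduce module paths to lower-case file names (Windows names are case-insensitive)."""
    return {basename(m).lower() for m in modules}

def matches_feature_library(modules, library=FEATURE_LIBRARY):
    """True only when every DLL in the library is among the process's loaded DLLs."""
    if not library:
        # An empty library is a subset of everything and would flag every process.
        raise ValueError("feature library is empty")
    return normalize(library) <= normalize(modules)

def scan(snapshot, intercept, library=FEATURE_LIBRARY):
    """One pass over {pid: [module paths]}; returns the PIDs that were intercepted."""
    intercepted = []
    for pid, modules in sorted(snapshot.items()):
        if matches_feature_library(modules, library) and intercept(pid):
            intercepted.append(pid)
    return intercepted

def monitor(snapshots, intercept, library=FEATURE_LIBRARY):
    """Scan each snapshot in turn: after an interception the loop goes back to
    collecting loaded DLLs, as the abstract's last step describes."""
    return [scan(s, intercept, library) for s in snapshots]

# Constructed sample data standing in for real-time module enumeration.
SYS = "C:\\Windows\\System32\\"
SNAPSHOTS = [
    {  # pid 4120 loads the whole library; pid 900 loads only part of it
        900: [SYS + "kernel32.dll", SYS + "samlib.dll", SYS + "cryptdll.dll"],
        4120: [SYS + "KERNEL32.DLL", SYS + "SAMLIB.dll", SYS + "cryptdll.dll",
               SYS + "vaultcli.dll", SYS + "WinSCard.dll", SYS + "user32.dll"],
    },
    {900: [SYS + "kernel32.dll", SYS + "samlib.dll", SYS + "cryptdll.dll"]},
]

if __name__ == "__main__":
    stopped = []
    def fake_intercept(pid):  # hypothetical stand-in for terminating the process
        stopped.append(pid)
        return True
    print(monitor(SNAPSHOTS, fake_intercept))
```

Because the rule fires only on a full superset match, a process that loads part of the library is left alone; any legitimate process that happens to load every listed DLL would be intercepted as well, so the library's contents determine the false-positive rate.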

Description

Technical field

[0001] The present application relates to the field of computer technology, in particular to a method, device, computer equipment and readable storage medium for detecting and intercepting Mimikatz.

Background technique

[0002] Mimikatz is a lightweight debugging tool written by a French developer. It has many functions, such as elevating process privileges, injecting into processes and reading process memory. It is best known for obtaining Windows plaintext passwords. Mimikatz can read memory from the Windows authentication process and obtain plaintext passwords and NTLM (NT LAN Manager, a standard security protocol) hash values, which attackers can use to move through the intranet.

[0003] The Mimikatz attack tool not only causes the passwords in the Windows system to be disclosed; it can also be combined with other malware as an exploitation tool, which causes great harm to network security. For example, the new ransomware "Bad R...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F21/56
CPC: G06F21/554, G06F21/566, G06F2221/033
Inventor: 陈志华, 刘超颖, 王文佳, 向宇, 张会杰
Owner: 广东省信息安全测评中心