General

Mimikatz

Each time you execute Mimikatz in Beacon, it runs in a new temporary process, which is then destroyed. Because nothing carries over from one invocation to the next, you can't run two "related" commands.

Beacon uses the ! and @ symbols as "modifiers". The ! modifier elevates to SYSTEM before running the command, and the @ modifier impersonates Beacon's thread token before running the command. The latter is useful in cases where Mimikatz needs to interact with a remote system, such as with dcsync.

Example:

mimikatz !sekurlsa::logonpasswords
