Skip to content
/ mimikatz-pth-defender Public

Defender againts Pass the Hash attacks initiated with mimikatz.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Eitan1112/mimikatz-pth-defender

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitignore
.gitignore
 
 
Mimikatz-PTH-Defender.mp4
Mimikatz-PTH-Defender.mp4
 
 
README.md
README.md
 
 
script.py
script.py
 
 

Repository files navigation

Mimikatz Pass the Hash Defender

General Info

This tool is run on a Domain Controller. For every successful logon event (4624), it will check the logon events on the remote machine which initiated the logon event. On the remote machine, it looks for logon events with logonType 9 - which indicated pass the hash using mimikatz occured. If an attack was recognized - it blocks both the attacking user and attacked user, and logoffs them out of the machine.

Requirements

  • Python
  • Pyad library
  • Pywin32 library

Setup

To run this project, navigate to the cloned folder and run script.py.

cd ../mimikatz-pth-defender
py script.py

About

Defender againts Pass the Hash attacks initiated with mimikatz.

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages