Yes, they did need to the exploit.
For one thing, mitigations have existed since the problem was announced (disable the service). For another thing, the easiest way to defend your enterprise against ransomware is to just defend it against mimikatz.
For one thing, mitigations have existed since the problem was announced (disable the service). For another thing, the easiest way to defend your enterprise against ransomware is to just defend it against mimikatz.
https://twitter.com/pmelson/status/1412543656209248259
If hackers are actively exploiting a thing and mitigations exist, then adding the exploit to security tools only helps defenders. A defender with experience with mimikatz/metasploit/etc. can now easily understand and communicate the need to address the bug.
If your organization doesn't have people experienced with mimikatz (either directly or through contractors/service-providers), then you are doing it wrong.
Yes, yes, yes: mimikatz also enables a ton of ransomware attacks, not just PrinterNightmare. We'll have endless conversations whether mimikatz and cobaltstrike are white hat or black hat tools.
But on the whole, they help defenders more than attackers. The ethical concerns here aren't whether mimikatz makes hacking too easy, but why defenders aren't taking advantage of it to prevent these "easy" attacks.
This is the typical argument I always make: stop trying to stop defenders by arguing that restricting something will stop attackers. It (a) really hurts defenders and (b) doesn't really stop attackers.
Yes, yes, people add these things recklessly to defensive tools without thinking enough about the consequences of their actions, which can be offensive. But there is no answer to being more careful that doesn't restrict the abilities of defenders.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
