Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fake users get picked up by mimikatz #1860

Closed
1 task
VakarisZ opened this issue Apr 5, 2022 · 0 comments · Fixed by #1902
Closed
1 task

Fake users get picked up by mimikatz #1860

VakarisZ opened this issue Apr 5, 2022 · 0 comments · Fixed by #1902
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island.

Comments

@VakarisZ
Copy link
Contributor

VakarisZ commented Apr 5, 2022
edited by shreyamalviya
Loading

Describe the bug

New users created for PBA's via AutoNewWindowsUser get picked up by mimikatz. This means that either user traces are left somewhere in credetial caches or the user isn't properly deleted. Either way this results in a ton of useless credentials added to configuration.

To Reproduce

Steps to reproduce the behavior:

  1. Run monkey multiple times with PBA's enabled on windows
  2. Check config - a lot of bogus users got added

Expected behavior

Users created by monkey should be removed without leaving traces OR shouldn't be added to config

Tasks
@VakarisZ VakarisZ added the Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. label Apr 5, 2022
@shreyamalviya shreyamalviya mentioned this issue Apr 20, 2022
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix fake user addition to the config because of Mimikatz guardicore/monkey
1 participant
@VakarisZ