Protect private certificate from MimikatzJava HTTPS client certificate authenticationHow should I ethically approach user password storage for later plaintext retrieval?Create a OpenSSL certificate on WindowsHow to create .pfx file from certificate and private key?Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetHow to create a self-signed certificate with OpenSSLUse of the certificate with private key not marked as exportableUnable to resolve “unable to get local issuer certificate” using git on Windows with self-signed certificateHow to use a client certificate to authenticate and authorize in a Web APIExport Certificate - with or without the private key
How to trick a fairly simplistic kill-counter?
Can black block with a hanging piece in a back rank mate situation?
Best Ergonomic Design for a handheld ranged weapon
Why don't short runways use ramps for takeoff?
How to escape forward slashes?
Does the problem of P vs NP come under the category of Operational Research?
How can flights operated by the same company have such different prices when marketed by another?
PI 4 screen rotation from the terminal
How do I safety check that there is no light in Darkroom / Darkbag?
May a hotel provide accommodation for fewer people than booked?
UX writing: When to use "we"?
Base Current vs Emitter Base voltage
Not taking Bereavement Leave
How to prevent a single-element caster from being useless against immune foes?
"Fewer errors means better products" or "Fewer errors mean better products"?
Why did the United States not resort to nuclear weapons in Vietnam?
How to derive trigonometric Cartesian equation from parametric
Were there any unmanned expeditions to the moon that returned to Earth prior to Apollo?
Is Norway in the Single Market?
A conjectural trigonometric identity
mv Command Deleted Files In Source Directory and Target Directory
Can the additional attack from a Samurai's Rapid Strike have advantage?
How to gracefully excuse yourself from a meeting due to emergencies such as a restroom break?
Must I upgrade this bathroom circuit from 15 amps to 20 amps?
Protect private certificate from Mimikatz
Java HTTPS client certificate authenticationHow should I ethically approach user password storage for later plaintext retrieval?Create a OpenSSL certificate on WindowsHow to create .pfx file from certificate and private key?Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetHow to create a self-signed certificate with OpenSSLUse of the certificate with private key not marked as exportableUnable to resolve “unable to get local issuer certificate” using git on Windows with self-signed certificateHow to use a client certificate to authenticate and authorize in a Web APIExport Certificate - with or without the private key
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Which is the best way to protect a private(client) certificate from Mimikatz on Windows?
currently, my certificates mark as non-exportable, but when I run Mimikatz, it succeeds to export them.
windows security ssl-certificate devops client-certificates
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
add a comment |
Which is the best way to protect a private(client) certificate from Mimikatz on Windows?
currently, my certificates mark as non-exportable, but when I run Mimikatz, it succeeds to export them.
windows security ssl-certificate devops client-certificates
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
add a comment |
Which is the best way to protect a private(client) certificate from Mimikatz on Windows?
currently, my certificates mark as non-exportable, but when I run Mimikatz, it succeeds to export them.
windows security ssl-certificate devops client-certificates
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
Which is the best way to protect a private(client) certificate from Mimikatz on Windows?
currently, my certificates mark as non-exportable, but when I run Mimikatz, it succeeds to export them.
windows security ssl-certificate devops client-certificates
windows security ssl-certificate devops client-certificates
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
edited Mar 28 at 11:42
Óscar Andreu
1,1787 silver badges28 bronze badges
1,1787 silver badges28 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
asked Mar 26 at 23:41
AssiAssi
65 bronze badges
65 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Enable LSA Protection on all Windows versions in the enterprise that supports it. This prevents Mimikatz from working “out-of-the-box” and requires use of the Mimikatz driver which logs events when it interacts with LSASS.
More information here
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55367735%2fprotect-private-certificate-from-mimikatz%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Enable LSA Protection on all Windows versions in the enterprise that supports it. This prevents Mimikatz from working “out-of-the-box” and requires use of the Mimikatz driver which logs events when it interacts with LSASS.
More information here
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
add a comment |
Enable LSA Protection on all Windows versions in the enterprise that supports it. This prevents Mimikatz from working “out-of-the-box” and requires use of the Mimikatz driver which logs events when it interacts with LSASS.
More information here
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
add a comment |
Enable LSA Protection on all Windows versions in the enterprise that supports it. This prevents Mimikatz from working “out-of-the-box” and requires use of the Mimikatz driver which logs events when it interacts with LSASS.
More information here
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
Enable LSA Protection on all Windows versions in the enterprise that supports it. This prevents Mimikatz from working “out-of-the-box” and requires use of the Mimikatz driver which logs events when it interacts with LSASS.
More information here
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
answered Mar 28 at 9:21
Óscar AndreuÓscar Andreu
1,1787 silver badges28 bronze badges
1,1787 silver badges28 bronze badges
add a comment |
add a comment |
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55367735%2fprotect-private-certificate-from-mimikatz%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
