[new] ngc::logondata to dump authentication slot pin and various data (kiwi use only - 2004 up to date)
[new] token::elevate option to impersonate special users
[internal] file reading support reading with backup privilege
[new] lsadump::sam support SupplementalCredentials in local SAM (close#250) - thank you @MichaelGrafnetter
[enhance] lsadump::sam with better logic in revision/flag detection (without new code), fix#99, fix#165, fix#249
[enhance] chrome::dpapi by integration of an updated SQLite3 library with less OMIT (must fix#246, no SQLITE_OMIT_AUTOINCREMENT)
[new] mimikatz & mimilib **very** experimental support for ARM64
[better] code for Mifare protocol
[better] code for sekurlsa WinDBG plugin (credential keys, still not good enough)
[new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password
[new] mimikatz: unmarshalling usernames when marshalled
[fix] mimikatz SR98/RDM/Busylight could previously crash
[fix#184] again and again ;)
[fix#172] swscanf_s VS ARRAYSIZE macro
[fix#127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon)
[code] refactor for defined / !defined
[fix] kerberos & crypto FindFile issue when enumerating kirbi & certificate files in directories
[fix] adding Fci.h file in includes
[new] kerberos::golden can make tickets without PAC when avoiding the /sid parameters
[new] crypto::sc tries to get informations with readers without cards
[new] sr98:: module to deal with LF writer and T5577 cards
[credits] with his work on AD, Vincent Le Toux (@vletoux) is starring as co-author :)
[internal] DRSR RPC
[fix] dcsync export as CSV without junk chars between username and NTLM hash
[new] RPC support (client & server, multi users)
[new] Windows service support
[new] token::elevate can run process with impersonate token (when enough privileges and without interactions)
[new] process::run
[new] standard::hostname
[remove] mimidrv & mimikatz kernel module: Process & Object callbacks remover are not anymore in the program
[internal] Windows 10 is now splitted in 1507 (LTSB) and 1511 (current)
[internal] mimidrv: Windows 10 support added
[internal] mimilib WinDBG module & mimikatz::sekurlsa: Windows 10 MSV / Kerberos Tickets are not specific anymore (offsets table)
[internal] Using KULL_M_MEMORY_GLOBAL_OWN_HANDLE instead of local variable in each function
- [fix] dpapi::capi now deals with AT_SIGNATURE keys
- [fix] sekurlsa::kerberos / kerberos:: encryption type are now signed
- [new] kerberos::ask to ask / save TGS from current TGT
- [new] crypto::system to describe/to export Windows System Certificate (cert, crl, ctl, keyid)
- [internal] smaller banner for smaller displays
- [internal] Copyrights for 2016
- [internal] kull_m_file can deal with environment-variable strings in paths
- [internal] kull_m_crypto new types for CERT_PROP_*_ID
- [fix] sekurlsa::msv & mimilib for Windows 10 build 10586
- [fix#20] sekurlsa::tickets (display & export) for NT 6 != Windows 10
- [close#16] kerberos::golden now with ~NetBios name in LogonDomainName field of the PAC
- [new] privilege module shortcuts (driver, security, tcb, backup, restore) and functions (by id or name)
- [new] lsadump::dcsync and lsadump::lsa /inject 'NTLM-Strong-NTOWF' in Supplemental Credentials structures (Windows 2016 TP 4)
- [internal] NtSetSystemInformation can now be used in code
blackcat
Benjamin DELPY
hubert3