[new] lsadump::cache now replace selected DCC cache with /user:username, /password:xxx or /ntlm:0011...eeff
[internal] kull_m_registry_OpenAndQueryWithAlloc to avoid multiple calls (Open/Query/Alloc/Query/Close)
[remove] mimidrv & mimikatz kernel module: Process & Object callbacks remover are not anymore in the program
[internal] Windows 10 is now splitted in 1507 (LTSB) and 1511 (current)
[internal] mimidrv: Windows 10 support added
[internal] mimilib WinDBG module & mimikatz::sekurlsa: Windows 10 MSV / Kerberos Tickets are not specific anymore (offsets table)
[internal] Using KULL_M_MEMORY_GLOBAL_OWN_HANDLE instead of local variable in each function
[new] System Environment Variables user module
[new] System Environment Variables kernel IOCTL for Set
[enhancement] privilege::sysenv
[enhancement] Busylight
[enhancement] misc::skeleton can avoid anti-AES patching for aware clients with /letaes
- [new] sekurlsa module and its kerberos submodule now work with old 2003 SP1 (live or dump)
- [remove] misc::wifi with WLanAPI will be replaced with dpapi::wifi raw access
- [fix] crypto::certificate buffer free at the right place
- [internal] new kull_m_file Find function with callback
- [internal] removed kull_m_file functions (read/write/file exist) with environment-variables, now used for all command-lines
- [internal] kull_m_crypto_hash better checks for CRC32 trick
- [internal] mimilove for Windows 2000 banner update
- [internal] crypto::system now works with buffers (for future registry access)
- [internal] kerberos::ptt & crypto::system call kull_m_file_Find instead of their own implementation
- [internal] remove CrtlHandler, from mimikatz main modules, when exiting to let PowerShell clean
- [internal] expand command lines environment-variables from mimikatz main modules
[new] crypto::providers and crypto::certificates now list provider types
[internal] Removed kull_m_crypto_crc32 routine from crypto module, relies now on cryptdll using CALG_CRC32 with kull_m_crypto_hash
[internal] Removed incorrect usage of BOOL instead of NTSTATUS in kuhl_m_pac_validationInfo_to_PAC
- [fix] dpapi::capi now deals with AT_SIGNATURE keys
- [fix] sekurlsa::kerberos / kerberos:: encryption type are now signed
- [new] kerberos::ask to ask / save TGS from current TGT
- [new] crypto::system to describe/to export Windows System Certificate (cert, crl, ctl, keyid)
- [internal] smaller banner for smaller displays
- [internal] Copyrights for 2016
- [internal] kull_m_file can deal with environment-variable strings in paths
- [internal] kull_m_crypto new types for CERT_PROP_*_ID
- [fix] sekurlsa::msv & mimilib for Windows 10 build 10586
- [fix#20] sekurlsa::tickets (display & export) for NT 6 != Windows 10
- [close#16] kerberos::golden now with ~NetBios name in LogonDomainName field of the PAC
- [new] privilege module shortcuts (driver, security, tcb, backup, restore) and functions (by id or name)
- [new] lsadump::dcsync and lsadump::lsa /inject 'NTLM-Strong-NTOWF' in Supplemental Credentials structures (Windows 2016 TP 4)
- [internal] NtSetSystemInformation can now be used in code
