> How did the author figure out where in memory the prints are?
Microsoft provided him a nifty protocol for that.
> Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows function called WDigest. That feature is designed to make it more convenient for corporate and government Windows users to prove their identity to different applications on their network or on the web; it holds their authentication credentials in memory and automatically reuses them, so they only have to enter their username and password once. While Windows keeps that copy of the user's password encrypted, it also keeps a copy of the secret key to decrypt it handy in memory, too. "It’s like storing a password-protected secret in an email with the password in the same email," Delpy says.
Microsoft provided him a nifty protocol for that.
> Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows function called WDigest. That feature is designed to make it more convenient for corporate and government Windows users to prove their identity to different applications on their network or on the web; it holds their authentication credentials in memory and automatically reuses them, so they only have to enter their username and password once. While Windows keeps that copy of the user's password encrypted, it also keeps a copy of the secret key to decrypt it handy in memory, too. "It’s like storing a password-protected secret in an email with the password in the same email," Delpy says.
https://www.wired.com/story/how-mimikatz-became-go-to-hacker...