honeycred icon indicating copy to clipboard operation
honeycred copied to clipboard

Published 20 hours ago verified publisher icon hosom

Responder bait

Open hosom opened this issue 7 years ago • 0 comments

PowerShellDefense has a feature in Invoke-Honeycreds.ps1 that attempts to mount a share/access a resource with HTTP basic to bait responder into stealing credentials.

It would be great if agent did this--since a process has to keep running in order to keep creds in lsass anyway.

hosom avatar Feb 07 '17 04:02 hosom