Skeleton Key

Skeleton Key is malware used to inject false credentials into domain controllers with the intent of creating a backdoor password. [1] Functionality similar to Skeleton Key is included as a module in Mimikatz.

ID: S0007
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 31 May 2017
Last Modified: 03 May 2019

Techniques Used

Domain: Enterprise
ID: T1098
Name: Account Manipulation
Use: Skeleton Key is used to patch an enterprise domain controller authentication process with a backdoor password. It allows adversaries to bypass the standard authentication system to use a defined password for all accounts authenticating to that domain controller.[1]

References