Mimikatz
Mimikatz is an open-source tool that allows users to extract sensitive data from Windows computers, such as passwords, Kerberos tickets, and NTLM hashes.
How it works
Mimikatz can extract unencrypted passwords from Windows memory, which allows malicious actors to access a system's security tokens and restricted information.
Here are some key capabilities of Mimikatz:
- Credential Dumping: Extracts passwords, hashes, PINs, and Kerberos tickets from memory.
- Pass-the-Hash: Uses hashed passwords to authenticate without needing the plaintext password.
- Pass-the-Ticket: Uses Kerberos tickets to authenticate to other systems.
- Golden Ticket: Creates Kerberos tickets that provide domain admin access.
How it's delivered
Mimikatz is often delivered and executed without writing to disk, which helps it avoid detection.
How it's been used
Mimikatz was a component of the NotPetya ransomware worm, which is believed to have caused over a billion dollars in damages.
How to protect against it
Companies and organizations can protect their systems against Mimikatz using security patches, up-to-date software, and multi-factor authentication.
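Because Mimikatz reads credentials from memory and is often run without touching disk, file scanning alone can miss it, so defenders also watch for processes that open LSASS (the Windows process that holds logon credentials) with memory-read rights. The sketch below is an added example, not part of the original post: it applies that check to constructed Sysmon Event ID 10 (ProcessAccess) records, and the allowlist, helper names and sample events are assumptions for illustration.

```python
# Added example: flag Sysmon Event ID 10 (ProcessAccess) records in which a
# non-allowlisted process opens LSASS with the right to read its memory.
PROCESS_VM_READ = 0x0010  # Windows access right required to read process memory
LSASS_PATH = r"c:\windows\system32\lsass.exe"
SYS32 = r"C:\Windows\System32"

# Assumption: processes expected to read LSASS in this environment; tune locally.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}


def ev(src, dst, access):
    """Build a simplified event holding only the fields this check uses."""
    return {"EventID": 10, "SourceImage": src, "TargetImage": dst,
            "GrantedAccess": access}


# Constructed sample events (not taken from a real host).
SAMPLE_EVENTS = [
    ev(SYS32 + r"\csrss.exe", SYS32 + r"\lsass.exe", "0x1fffff"),  # allowlisted
    ev(r"C:\Users\alice\AppData\Local\Temp\updater.exe", SYS32 + r"\lsass.exe", "0x1010"),
    ev(SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe", SYS32 + r"\lsass.exe", "0x1410"),
    ev(SYS32 + r"\taskmgr.exe", SYS32 + r"\lsass.exe", "0x1000"),  # no VM_READ bit
    ev(SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe", SYS32 + r"\notepad.exe", "0x1fffff"),
]


def is_suspicious_lsass_access(event, allowed=ALLOWED_SOURCES):
    if event.get("EventID") != 10:
        return False
    if event.get("TargetImage", "").lower() != LSASS_PATH:
        return False
    try:
        access = int(event.get("GrantedAccess", "0"), 16)
    except (ValueError, TypeError):
        return True  # unparsable mask on an LSASS access: surface for review
    if not access & PROCESS_VM_READ:
        return False  # handle cannot read LSASS memory
    return event.get("SourceImage", "").lower() not in allowed


def find_alerts(events):
    return [e for e in events if is_suspicious_lsass_access(e)]


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert["SourceImage"], "->", alert["TargetImage"], alert["GrantedAccess"])
```

Matching on the access mask and the source process, rather than on a file name or hash, means the check still fires when the tool is renamed or loaded from a script host.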
Mimikatz was developed in 2007 by French ethical hacker Benjamin Delpy to demonstrate vulnerabilities in Windows authentication systems.