Browse Definitions :
Definition

mimikatz

Contributor(s): Laura Fitzgibbons

Mimikatz is an open source malware program used by hackers and penetration testers to gather credentials on Windows computers. Coded by Benjamin Deply in 2007, mimikatz was originally created to be a proof of concept to learn about Microsoft authentication protocol vulnerabilities. However, mimikatz has since become a popularly downloaded hacking tool.

In order to function completely, mimikatz requires administrator or full system controls. A mimikatz attack uses several techniques to find sensitive information such as plaintext passwords, hash, pin codes, and tickets from the memory of a system. The collected credentials can then be used to access unauthorized information or perform lateral movement attacks.

While mimikatz is generally used as an underground and harmful tool, and spreading malware viruses is illegal in most countries, some professionals may still advertise this as a skill they perform within the commercial hacking industry. This is where companies hire white hat hackers to help them search for weaknesses in their own security systems.  

There are always new ways to hack a computer using mimikatz, so defenses against it need to be adaptable and updated to stay effective. A mimikatz attack is hard to detect, but it is possible to check whether a machine or account is compromised. It is easier to execute a mimikatz attack in a system with wide access, because it stores several credentials under one access point. For example, a user that runs Windows with a single sign-on (SSO) system.

Common types of mimikatz attacks

  • Clear text password stealing: Passwords are stored on machines in a predictable, unencrypted state, allowing them to be searched within in a database.
  • Pass-the-hash attack: An attack that involves reusing credentials that are stored in a system without actually finding out what they are, but persisting them to an account or part of a system that the attacker would not normally be able to access.
  • Golden ticket attack: A golden ticket attack involves creating a false authentication within Kerberos, an authentication protocol that verifies users and servers before information is exchanged. The false credential, or golden ticket, gives attackers access to complete any number of unauthorized changes to system accounts and groups
This was last updated in January 2019

Continue Reading About mimikatz

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What do you think the next common type of security threat will be and how can security professionals stay ahead of it?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • data breach

    A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

SearchHealthIT

SearchDisasterRecovery

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

  • business continuity policy

    Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk ...

SearchStorage

  • business impact analysis (BIA)

    Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to ...

  • RAID (redundant array of independent disks)

    RAID (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks to ...

  • dedicated cloud

    A dedicated cloud is a single-tenant cloud infrastructure, which essentially acts as an isolated, single-tenant public cloud.

Close