Post-exploitation tool for extracting Windows credentials, pass-the-hash, and Kerberos attacks
Mimikatz is a post-exploitation tool for extracting plaintext passwords, hashes, PINs, and Kerberos tickets from Windows memory (LSASS). Created by Benjamin Delpy, it's become essential for demonstrating Windows credential theft and lateral movement techniques.
🔴 RED TEAM: Offensive Usage
Dump credentials from compromised systems for lateral movement. Extract NT hashes for pass-the-hash attacks, Kerberos tickets for pass-the-ticket, and create golden/silver tickets for persistence.
🔵 BLUE TEAM: Defensive Usage
Test credential protection mechanisms (Credential Guard, Protected Users group). Validate EDR detection of LSASS access. Train SOC on Mimikatz indicators and credential theft TTPs.
🟣 PURPLE TEAM: Collaborative Testing
Red executes credential dumps while Blue monitors for LSASS access, process injection, and suspicious privilege escalation. Jointly improve credential hygiene and detection capabilities.
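The LSASS-access monitoring described for the Blue and Purple teams can be prototyped over Sysmon Event ID 10 (ProcessAccess) records. The following is an added example, not part of the original page: the event records are constructed, the allowlist path is hypothetical, and the rule (alert on any non-allowlisted process granted PROCESS_VM_READ on lsass.exe) is one simple policy, not a vendor's detection.

```python
# Added example: triage Sysmon Event ID 10 (ProcessAccess) records for LSASS reads.
PROCESS_VM_READ = 0x0010
PROCESS_RIGHTS = {            # Windows process access rights (subset)
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    PROCESS_VM_READ: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# Assumption: site-specific allowlist; the path below is hypothetical.
ALLOWED_SOURCES = {r"c:\program files\exampleedr\sensor.exe"}

def decode_access(mask):
    """Return the names of the rights set in a GrantedAccess mask."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]

def triage(events):
    """Flag events where a process was granted memory-read access to LSASS."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        if not ev["TargetImage"].lower().endswith("\\lsass.exe"):
            continue
        mask = int(ev["GrantedAccess"], 16)
        if not mask & PROCESS_VM_READ:
            continue  # handles without VM_READ cannot read process memory directly
        allowed = ev["SourceImage"].lower() in ALLOWED_SOURCES
        findings.append({"source": ev["SourceImage"],
                         "rights": decode_access(mask),
                         # allowlisted paths are still surfaced, at lower priority
                         "severity": "review" if allowed else "alert"})
    return findings

LSASS = r"C:\Windows\System32\lsass.exe"
SAMPLE_EVENTS = [  # constructed records, not captured telemetry
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Tools\mimikatz.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\ExampleEDR\sensor.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Tools\mimikatz.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["severity"], f["source"], ", ".join(f["rights"]))
```

A path allowlist on its own is weak evidence of legitimacy, so pair it with image signature checks before suppressing anything.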
Interactive Simulation
Extract credentials and execute pass-the-hash attacks
Execute Mimikatz
C:\Tools> mimikatz.exe
mimikatz # privilege::debug
Note: Mimikatz requires administrator rights and the debug privilege (requested above with privilege::debug). Modern protections such as Credential Guard, LSASS PPL, and EDR can prevent or detect credential dumping.