Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Mimikatz is a common credential dumping tool that enables attackers to easily compromise Active Directory (AD) environments. An attacker can obtain stolen credentials and advance their attack campaign.
Kill Chain
Risk Score
87
Mimikatz is a credential dumping tool for Windows and AD environments. Attackers can take advantage of Mimikatz to obtain Windows account usernames and passwords. After infiltrating the network, an attacker installs Mimikatz onto compromised devices. Mimikatz has a custom Microsoft remote procedure call (MS-RPC) interface called MimiCom, which enables an attacker to interact with Mimikatz and run commands on remote devices. For example, an attacker connects to the Mimikatz instance on the victim by sending an MS-RPC request with the interface and operation, MimiCon:MimiBind. The attacker is now able to remotely run Mimikatz commands on the victim that launch attacks such as credential dumping.
Quarantine the device while checking for indicators of compromise, such as the presence of malware
Review authentication methods and enforce policies for secure credential creation and multi-factor authentication
Implement the principle of least privilege to minimize the damage done from a compromised account
