Mimikatz is a credential-dumping tool used to extract secrets from Windows memory and related stores. It is commonly associated with LSASS memory scraping, where attackers look for cleartext passwords, NTLM hashes, Kerberos tickets, and other logon material that can be reused for lateral movement or privilege escalation.
It matters because once an attacker has code execution on a Windows host, Mimikatz can turn that access into reusable credentials, often without exploiting another vulnerability: with local administrator rights and SeDebugPrivilege it reads the memory of lsass.exe directly. In real attacks it is frequently paired with steps that weaken defenses first, such as disabling security tooling or setting the WDigest registry value UseLogonCredential to 1 so that cleartext passwords are cached in memory again at the next logon. Defenders reduce the risk with Credential Guard, LSA Protection (running LSASS as a protected process), strong privilege separation so that domain-privileged accounts never log on to ordinary workstations, and alerts for suspicious handles opened to lsass.exe, memory dumps of that process, registry changes to UseLogonCredential, and command lines that reference Mimikatz modules.
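The detection side of the paragraph above, as an added example that is not part of the original entry: a small rule set run over constructed Sysmon-style events (Event ID 10 process access to lsass.exe, Event ID 13 registry writes to UseLogonCredential, Event ID 1 command lines). The field names follow Sysmon's; the sample events, the access-mask thresholds and the allowlist of processes permitted to read LSASS are assumptions for illustration and need tuning per environment.

```python
"""Flag Sysmon-style events consistent with Mimikatz credential theft.

Added example; events below are constructed, not real telemetry.
"""
import re

# Win32 process access-right bits (documented constants).
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400

# Assumed allowlist of processes expected to open lsass.exe with read access
# on a healthy host. Compared case-insensitively against SourceImage.
LSASS_ACCESS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Mimikatz module prefixes plus two common LSASS dumping helpers.
CREDENTIAL_THEFT_CMDLINE = re.compile(
    r"(sekurlsa::|lsadump::|kerberos::|privilege::debug|"
    r"comsvcs(\.dll)?[ ,]+minidump|procdump.*lsass)",
    re.IGNORECASE,
)

# Suffix of the registry path that re-enables cleartext caching in WDigest.
WDIGEST_KEY_SUFFIX = r"\control\securityproviders\wdigest\uselogoncredential"


def evaluate(event):
    """Return a finding string for one event, or None if it looks benign."""
    eid = event.get("EventID")
    if eid == 10:  # ProcessAccess
        target = event.get("TargetImage", "").lower()
        source = event.get("SourceImage", "").lower()
        mask = int(event.get("GrantedAccess", "0x0"), 16)
        # Mimikatz' sekurlsa module needs VM_READ on lsass; 0x1010 is the mask
        # most commonly reported for it, but any VM_READ from a non-allowlisted
        # process is worth a look.
        if (target.endswith(r"\lsass.exe")
                and source not in LSASS_ACCESS_ALLOWLIST
                and mask & PROCESS_VM_READ):
            return f"lsass_memory_access: {source} opened lsass.exe with 0x{mask:x}"
    elif eid == 13:  # RegistryEvent (SetValue); Sysmon renders DWORDs as "DWORD (0x...)"
        key = event.get("TargetObject", "").lower()
        details = event.get("Details", "").lower()
        if key.endswith(WDIGEST_KEY_SUFFIX) and details.endswith("(0x00000001)"):
            return f"wdigest_uselogoncredential_enabled: {event.get('Image', '?')}"
    elif eid == 1:  # ProcessCreate
        cmd = event.get("CommandLine", "")
        if CREDENTIAL_THEFT_CMDLINE.search(cmd):
            return f"credential_theft_cmdline: {cmd}"
    return None


def detect(events):
    """Run evaluate() over a list of events and keep the findings."""
    return [f for f in (evaluate(e) for e in events) if f]


# Constructed sample telemetry: three benign events interleaved with four
# that should fire.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\Downloads\mimikatz.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": "C:\\Users\\alice\\OneDrive.exe /background"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "CommandLine": r'"C:\Windows\System32\notepad.exe" notes.txt'},
    {"EventID": 1, "CommandLine": 'mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" exit'},
    {"EventID": 1, "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\temp\ls.dmp full"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The allowlist is deliberately short: the point is that reads of LSASS memory from unexpected images are rare enough on a managed host to alert on, while the registry and command-line rules catch the defense-weakening step and the tool invocation itself.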