
Mimikatz

Mimikatz is a credential-dumping tool used to extract secrets from Windows memory and related stores. It is commonly associated with LSASS memory scraping, where attackers look for cleartext passwords, NTLM hashes, Kerberos tickets, and other logon material that can be reused for lateral movement or privilege escalation.

It matters because once an attacker has code execution on a Windows host, Mimikatz can turn that access into reusable credentials, often without needing to exploit another vulnerability. In real attacks, it is frequently paired with techniques that weaken defenses first, such as disabling protections or changing WDigest settings to increase the chance that secrets remain in memory. Defenders reduce the risk with Credential Guard, protected LSASS, strong privilege separation, and alerts for suspicious process access, memory dumps, or command lines linked to credential theft.
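As an added example (not part of the original entry), the sketch below triages two of the signals named above: a process reading LSASS memory, and a WDigest setting being changed. It assumes events shaped like Sysmon Event ID 10 (ProcessAccess) and 13 (registry value set); the allowlisted agent path and the sample events are constructed for illustration.

```python
PROCESS_VM_READ = 0x0010  # Windows access right required to read another process's memory
# Assumption: site-specific allowlist of software expected to read LSASS (hypothetical path).
ALLOWED_SOURCES = {r"c:\program files\exampleedr\agent.exe"}
WDIGEST_VALUE = r"\control\securityproviders\wdigest\uselogoncredential"


def triage(event):
    """Return an alert string for a suspicious Sysmon-style event, else None."""
    eid = event.get("EventID")
    if eid == 10:  # ProcessAccess
        source = event.get("SourceImage", "?")
        target = event.get("TargetImage", "").lower()
        try:
            access = int(event.get("GrantedAccess", "0x0"), 16)
        except (ValueError, TypeError):
            return None  # malformed access mask: nothing to evaluate
        if (target.endswith(r"\lsass.exe") and access & PROCESS_VM_READ
                and source.lower() not in ALLOWED_SOURCES):
            return f"LSASS memory read by {source} (mask {access:#06x})"
    elif eid == 13:  # registry value set
        obj = event.get("TargetObject", "").lower()
        # Sysmon renders DWORD data as text such as "DWORD (0x00000001)"
        if obj.endswith(WDIGEST_VALUE) and "0x00000001" in event.get("Details", ""):
            return f"WDigest UseLogonCredential enabled by {event.get('Image', '?')}"
    return None


# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\ExampleEDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000001)"},
]


def run(events=SAMPLE_EVENTS):
    """Return the alerts raised for a list of events."""
    return [a for a in map(triage, events) if a]


if __name__ == "__main__":
    print("\n".join(run()))
```

The third sample event is not flagged because its access mask lacks the memory-read right, which is the kind of routine LSASS handle that would otherwise flood the alert queue.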
