The Secrets to MIMIKATZ - The Credential Dumper

Shairoze Malik, Erej Azeem

  • Shairoze Malik, DFRSC - Digital Forensic Research and Service Centre, Lahore Garrison University
  • Erej Azeem, DFRSC - Digital Forensic Research and Service Centre, Lahore Garrison University
Keywords: Mimikatz, hash dump, lsass, modules, kerberos, tickets, krbtg

Abstract

Among the many credential dumping tools that have emerged, Mimikatz has become an exceedingly potent tool against Windows users, allowing intruders to fetch plain-text passwords. Intruders also use it to target memory and dump password hashes. This paper briefly discusses the capacity and potential of Mimikatz, then covers several Mimikatz modules used to dump credentials, and concludes with procedures and techniques that may be used to prevent Mimikatz attacks.
Published
2022-07-29