What is Mimikatz — and what can it do to you?
- July 2, 2020
- Posted by:
- Categories: Archer News, Cyber Crime, Cyber Crime, Cyberattack, Cyberattack, Hacking, Posts with image
We’re answering your security question, “What is Mimikatz?”
It’s a tool that hackers can use to find username and password info on your computer — for good or for evil.
First, the name.
It means “cute cats.” But the tool is far more powerful than it sounds.
You can use it to uncover security holes in your Windows systems. Attackers can use it, too — to find those same holes and take over.
A French fellow named Benjamin Delpy created Mimikatz. Now it’s one of the most popular hacker tools in the world.
How They Do It
Once the bad guys find their way onto your computer, they run Mimikatz.
It can find your password info and pose as you, causing trouble.
But there’s more. It can do things like create a “golden ticket,” a free pass of sorts, allowing the attackers to act as administrator and access everything on the network.
Then attackers can take over things like sensitive data, financial accounts, and controls to critical infrastructure — all potentially dangerous.
With Mimikatz, cyber criminals can slink in quietly and move around, often undetected, until it’s too late.
Sounds dreamy for attackers. And it is.
Cybersecurity pros who test companies to see if they have security gaps —called pentesters or penetration testers — also use Mimikatz to try to find the problems before attackers do.
Cybersecurity people have to take steps to protect their systems from Mimikatz attacks.
It’s a constant cat and mouse game between attackers coming up with ways to use Mimikatz and people defending against them.
Defenders can do things like:
—Update their windows systems
—Test their networks with Mimikatz
—Limit the privileges you have on your work computer
You may not get to do as much as you want on your computer at work, but it helps keep the cute — and destructive — cats out.
Main image: Cat & keyboard. Image: Asurobson/iStock