Contributors: Vincent Le Toux
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1098 | Account Manipulation | The Mimikatz credential dumper has been extended to include Skeleton Key domain controller authentication bypass functionality. The |
| Enterprise | T1003 | Credential Dumping | Mimikatz performs credential dumping to obtain account and password information useful in gaining access to additional systems and enterprise network resources. It contains functionality to acquire information about credentials in many ways, including from the LSA, SAM table, credential vault, DCSync/NetSync, and DPAPI. |
| Enterprise | T1081 | Credentials in Files | Mimikatz's |
| Enterprise | T1075 | Pass the Hash | Mimikatz's |
| Enterprise | T1097 | Pass the Ticket | Mimikatz’s |
| Enterprise | T1145 | Private Keys | Mimikatz's |
| Enterprise | T1101 | Security Support Provider | The Mimikatz credential dumper contains an implementation of an SSP. |
| Enterprise | T1178 | SID-History Injection | Mimikatz's |
Groups that use this software: APT1