Mimikatz

What is Mimikatz

Mimikatz is a well-known tool that can extract Windows plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. Mimikatz can also perform pass-the-hash and pass-the-ticket, or build Golden Tickets.

Mimikatz runs on remote machines to extract credentials from the memory of LSASS, the Local Security Authority Subsystem Service. LSASS contains all the Security Service Providers (SSPs), which are the packages managing the different types of authentication. For practical reasons, the credentials entered by a user are very often saved in one of these SSPs so that the user doesn't have to enter them again a few seconds or minutes later.

This is why Mimikatz extracts the information located in these different SSPs in an attempt to find authentication secrets and displays them to the attacker. This would allow someone to take over the whole XEOX Program and bring the company to a halt.

Mitigation with XEOX

To address this problem, XEOX has a special page called Domain Services, which can be found in the Security Center. It lets you see all the domain services the company has. In Group Report, which is also in the Security Center, you can see which user works on which server. This makes it easier to see whether someone has access to something they should not, and to take care of the problem before any damage is done.