2020-07-02T07:51:00Z

What is Mimikatz?

How can businesses protect themselves against Mimikatz malware?

Guest
66 Answers

Top 5 Reseller

Mimikatz is a post-exploitation tool that dumps passwords from memory (credential theft). The exploit phase is generally the 2nd stage in the attack life cycle, as it is mostly said that the attacker exploits a vulnerability. The collected credentials can then be used to access unauthorized information or perform lateral movement attacks.
EDR most probably helps you in detection and protection, as it works by monitoring and collecting events, memory dumps, etc.
EDR works by providing IOCs, which are already provided by the EDR vendor; you can also create custom IOCs, as well as TTPs and front-line threat intelligence. All of those give you capabilities in early detection of the exploit phase and in knowing who is targeting your organization.

2020-07-02T19:24:35Z
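As an added detection example (not part of the original answer), the "dumps passwords from memory" behaviour described above can be flagged from Sysmon Event ID 10 (ProcessAccess) telemetry; the Sysmon field names, the PROCESS_VM_READ bit value, the allowlist and the sample records are assumptions constructed here:

```python
"""Flag non-allowlisted processes that read LSASS memory in Sysmon Event ID 10 records.

The sample events below are constructed, not real telemetry. Field names follow the
Sysmon ProcessAccess schema as assumed here; the allowlist is a hypothetical baseline.
"""
import os

# PROCESS_VM_READ access right (assumed to match the winnt.h value).
PROCESS_VM_READ = 0x0010

# Hypothetical allowlist of source images expected to touch LSASS; tune per environment.
ALLOWLIST = {
    r"C:\Windows\System32\csrss.exe",
    r"C:\Windows\System32\wininit.exe",
    r"C:\Windows\System32\services.exe",
}


def is_suspicious(event: dict) -> bool:
    """True when a non-allowlisted process is granted read access to lsass.exe memory."""
    target = os.path.basename(event["TargetImage"].replace("\\", "/")).lower()
    if target != "lsass.exe":
        return False
    if event["SourceImage"] in ALLOWLIST:
        return False
    access = int(event["GrantedAccess"], 16)
    return bool(access & PROCESS_VM_READ)


def triage(events):
    """Return (UtcTime, SourceImage, GrantedAccess) for every suspicious event."""
    return [(e["UtcTime"], e["SourceImage"], e["GrantedAccess"]) for e in events if is_suspicious(e)]


# Constructed sample records shaped like Sysmon Event ID 10 fields.
SAMPLE_EVENTS = [
    {"UtcTime": "2020-07-02 07:51:00", "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"UtcTime": "2020-07-02 07:52:10", "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"UtcTime": "2020-07-02 07:53:30", "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1410"},
    {"UtcTime": "2020-07-02 07:54:00", "SourceImage": r"C:\Program Files\Agent\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1400"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("suspicious LSASS access:", hit)
```

Only the second record is reported: the first source is allowlisted, the third does not target LSASS, and the fourth asks for query rights without VM_READ.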
Top 20 User

Besides having Microsoft Defender, which detects this threat, the newest versions of the Microsoft operating systems for endpoints and servers also have new functionality to reduce the threat from Mimikatz. Making sure individual users do not have admin rights, implementing least privilege and multi-factor authentication will also help. Drop me a note here or on LinkedIn if additional discussion is desired.

2020-07-02T19:30:59Z
Top 10 Real User

Um, this is Mimi's cat stealing the gold ticket.

2020-07-07T09:16:23Z
Top 5 Leaderboard Reseller

Protection against ransomware requires a multi-layered approach, with both preventative measures and recoverability capabilities. Due to the variety of attack methods, there is no single silver bullet that will provide comprehensive protection. As no protection is 100% effective, organizations must ensure they have recoverability capabilities in place for when they are compromised. Mimikatz malware is mainly used for password stealing from your device. First, we talk about protection, which can happen with a couple of tools and awareness.

Preventative Measures

1) End Point Protection - AV product which does not require signature updates or endpoint device scanning, but uses Machine Learning (ML) techniques to identify malware.
2) Perimeter Protection - Sits inline between your company and the Internet, protecting your enterprise from cyberthreats, stopping intellectual property leaks, and ensuring compliance with corporate content and access policies. Product security capabilities provide defence-in-depth, protecting you from a broad range of threats including malicious URL requests, viruses, Advanced Persistent Threats (APTs), zero-day malware, adware, spyware, botnets, cross-site scripting, and much more.
3) Implementation of Privileged Identity Management with a 256-bit encrypted password vault. Look out for an unnecessary amount of requested permissions.
4) Recoverability - Offline Backups - This protection essentially involves maintaining an inaccessible, offline backup of data. I believe this offline copy is best offered in the Cloud, so I therefore recommend a Managed Backup service for backups.
5) Download apps only from official app marketplaces.

2020-07-03T07:25:33Z