Readings: Pass the Hash with Mimikatz

Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.

Review the Submission Instructions for guidance on completing and submitting this assignment.

Reading

What is Mimikatz?

Name the six credential-gathering techniques which Mimikatz is able to perform and explain how two of them work.

• Pass-the-hash: When attackers use Mimikatz to pass an exact hash string pass an exact hash string to log into a target computer.
• Pass-the-ticket: Because Mimikatz has a function for a user to pass a Kerberos ticket to another computer, a bad actor can log in with that user's ticket.
• Overpass-the-hash
• Kerberoast

What are four ways we can defend against Mimikatz attacks. Explain how two of the mitigations can stop Mimikatz.