Mastering Mimikatz

Mimikatz is a POC (Proof of Concept) that has been under development for 10 years yet most security practitioners only understand and use a minute set of its capabilities, an even lower number have ported the capabilities demonstrated in the POC into operational tools. In this class, Carlos aims at covering some of the common attacks the tools and some of the less likely ones.

The Mimikatz set of tools and Kekeo are the go-to toolset for security professionals when performing attack simulations against the Windows Authentication Infrastructure, local to the system and against ActiveDirectory. This training class will focus on showing the ins and out of the tools, how they work and how to use them in an operational environment. Some of the areas that will be covered are:

  • Abusing Authentication Providers
  • Credential and secret extraction with DPAPI/DPAPI-NG
  • Kerberos Security and abuse.
  • Active Directory Persistence
  • Eventlog abuse.
  • Use of Mimikatz tools for Research.

More areas will be covered also, from services, processes and even on using the WinDBG extension of Mimikatz. Kekeo will be covered and how the technologies it leverage work.


Understanding of Windows infrastructure and knowledge on how Active Directory works.


Laptop with RDP client.

About the Speaker