Lateral Movement with Mimikatz

Among other features, Mimikatz provides lateral movement capabilities such as pass the hash, user impersonation, and the creation of golden and silver tickets. Skill up your lateral movement techniques with Mimikatz.
Course info
Level
Intermediate
Updated
Aug 14, 2020
Duration
29m
Table of contents
Description
Course info
Level
Intermediate
Updated
Aug 14, 2020
Duration
29m
Description

Would you like to move from system to system without clear text credentials? How about impersonating a domain controller to inject data of your choosing? In this course, Lateral Movement with Mimikatz, you will learn how to leverage the advanced lateral movement capabilities of the open-source Mimikatz project towards post-exploitation activities. First, you will see how to 'Pass the Hash' to authenticate without the need of a clear text password. Next, you will discover how Mimikatz is used to bypass the domain controllers with 'Pass the Ticket'. Finally, you will explore how to create golden and silver tickets to impersonate domain users and service accounts. When finished with this course, you will have the skills and knowledge of the open-source Mimikatz tool needed to emulate lateral movement techniques aligned with Mitre ATT&CK.

About the author
About the author

Lee Allen is a penetration tester by trade. Lee has authored four books about penetration testing and has created several Pluralsight courses.

More from the author
Credential Access with THC Hydra
Intermediate
27m
Aug 19, 2020
Credential Access with Mimikatz
Intermediate
25m
Aug 14, 2020
More courses by Lee Allen
Section Introduction Transcripts
Section Introduction Transcripts

Tool Introduction
Welcome to Pluralsight and this cybersecurity tools course featuring Mimikatz, the open source, post‑exploitation tool developed and maintained by Benjamin Delpy. Members of blue and red teams, as well as penetration testers, may need to understand how an attacker can move from one system to another, building up to the access and knowledge of the domain necessary to accomplish their final goals. Along with other capabilities, Mimikatz can do precisely that. With Mimikatz, you can pass the hash, impersonate users or domain controllers, or create golden and silver tickets. If you are seeking to learn how you can use Mimikatz towards lateral movement efforts during security engagements, or if you just want to learn how attackers can perform these activities, join me and learn how to move laterally using Mimikatz, here at Pluralsight.