The Secret Security Wiki


Mimikatz

Mimikatz is an open-source credential-dumping program used to obtain account login and password information, normally in the form of a hash or a cleartext password, from an operating system or software. The recovered credentials can then be used to perform lateral movement and access restricted information.

Mimikatz is a Windows x86/x64 program that extracts passwords, hashes, PINs, and Kerberos tickets from memory. It is used as an attack tool against Windows clients, allowing the extraction of cleartext passwords and password hashes from memory. The program was written in C by Benjamin Delpy in 2007 to learn more about Windows credentials (and as a proof of concept).

There are two optional components that provide additional features: mimidrv (a driver that interacts with the Windows kernel) and mimilib (AppLocker bypass, authentication package/SSP, password filter, and sekurlsa for WinDBG). Depending on the action requested, Mimikatz requires administrator or SYSTEM rights, and often debug rights, in order to perform certain actions and interact with the LSASS process.
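Because Mimikatz has to open a handle to LSASS with memory-read rights to pull credentials out of it, that handle open is the event defenders most often watch for. The following is an added example, not code from the wiki or from the Mimikatz project: it runs a simple triage rule over constructed, Sysmon-style ProcessAccess (Event ID 10) records. The log lines, the call-trace offsets and the allowlist of processes expected to touch LSASS are all constructed for illustration; the process access-right bit values are the documented Win32 constants.

```python
"""Defender-side triage of process-access events against lsass.exe.

Added illustration (not part of the wiki article): given Sysmon-style
ProcessAccess (Event ID 10) records, flag source processes that open LSASS
with memory-read rights and are not on a locally maintained allowlist.
The log lines and the allowlist below are constructed for this example.
"""
from typing import Dict, List, Optional, Tuple

# Win32 process access-right bits that matter for reading another process's memory.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Constructed allowlist (hypothetical environment): system processes that are
# expected to open LSASS. Tune per environment; a stale list is a blind spot.
EXPECTED_LSASS_CLIENTS = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
}

# Constructed, simplified log: one event per line, space-separated key=value
# fields mirroring the Sysmon Event ID 10 field names.
SAMPLE_LOG = r"""
EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000 CallTrace=C:\Windows\System32\ntdll.dll+9d4a4
EventID=10 SourceImage=C:\Windows\System32\csrss.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1fffff CallTrace=C:\Windows\System32\ntdll.dll+9d4a4
EventID=10 SourceImage=C:\Users\alice\Downloads\tool.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010 CallTrace=C:\Windows\System32\ntdll.dll+9d4a4|UNKNOWN(00000000001A2B3C)
EventID=10 SourceImage=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1410 CallTrace=C:\Windows\System32\ntdll.dll+9d4a4
EventID=10 SourceImage=C:\Users\alice\Downloads\tool.exe TargetImage=C:\Windows\System32\notepad.exe GrantedAccess=0x1010 CallTrace=C:\Windows\System32\ntdll.dll+9d4a4
"""


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed key=value log line into a dict (paths contain no spaces)."""
    return dict(field.split("=", 1) for field in line.split())


def classify_lsass_access(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the event is a suspicious LSASS access, else None."""
    if event.get("EventID") != "10":
        return None
    target = event.get("TargetImage", "").lower()
    if not target.endswith(r"\lsass.exe"):
        return None
    granted = int(event.get("GrantedAccess", "0"), 16)
    if not granted & PROCESS_VM_READ:
        # Query-only handles (e.g. 0x1000) cannot read LSASS memory; low interest.
        return None
    source = event.get("SourceImage", "").lower()
    if source in EXPECTED_LSASS_CLIENTS:
        return None
    reasons = [
        f"{source} opened lsass.exe with PROCESS_VM_READ (GrantedAccess=0x{granted:x})"
    ]
    if "UNKNOWN" in event.get("CallTrace", ""):
        # Sysmon writes UNKNOWN for stack frames in memory not backed by a module on disk.
        reasons.append("call stack passes through unbacked memory")
    return "; ".join(reasons)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run the rule over every line; return (source image, reason) for each hit."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.strip().splitlines():
        event = parse_event(line)
        reason = classify_lsass_access(event)
        if reason:
            hits.append((event["SourceImage"], reason))
    return hits


if __name__ == "__main__":
    for source, reason in triage(SAMPLE_LOG):
        print(f"ALERT {source}: {reason}")
```

On the constructed log, the svchost.exe handle is ignored because 0x1000 carries no PROCESS_VM_READ bit, csrss.exe is suppressed by the allowlist, the notepad.exe event is not an LSASS access at all, and the two remaining opens (an unsigned binary from a Downloads folder, and powershell.exe) are raised for a human to look at. The rule keys on the access mask rather than on process names because credential dumpers can be renamed or run from memory, while the need for read access to LSASS memory is inherent to the technique.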

In recent years Mimikatz was used as a component of two ransomware worms that reached targets around the globe: both NotPetya and BadRabbit used Mimikatz in conjunction with leaked NSA hacking tools to automate attacks whose infections saturated networks, with disastrous results. NotPetya was able to paralyze thousands of computers at companies such as FedEx, Maersk and Merck. It is believed to have caused over a billion dollars in damages.