I see mimikatz as one of the most significant collections of offensive capability available today. Because there’s so much capability, folks are often interested in how to detect its use on their network.
For example, one blog post recommends that use of Honey Hashes to detect mimikatz use. Others might recommend that you look for Kerberos tickets that expire 10 years from now. These are great examples of ways to detect different Mimikatz features. What if I told you there was a way to detect mimikatz use, regardless of feature?
This technology exists. Better, it’s cheap. This Mimikatz Detection Peripheral only costs $50. Here’s a demonstration of this technology in action:
Note: This technology only detects Mimikatz releases built after October 9, 2015.