
    How to Detect and Defeat Mimikatz

    17 production-ready detections with working KQL and OpenSearch queries, each mapped to MITRE ATT&CK — covering the full attack surface most teams miss.

    By James McMurry, CEO & Founder, ThreatHunter.ai

    17 Working Detections | 14+ Attack Modules | 100% Free

    What's Inside

    17 Working Detections

    Production-ready KQL and OpenSearch queries you can deploy today. No theory — real queries for real threats.

    MITRE ATT&CK Mapped

    Every detection mapped to specific MITRE ATT&CK techniques for compliance reporting and gap analysis.

    14+ Attack Modules Covered

    Most teams detect one or two Mimikatz modules. This guide covers the full attack surface.

    Logging & Hardening Included

    Prerequisites, prevention hardening, and a hunting cadence to keep your detections working.

    Full Attack Surface Coverage

    Mimikatz has 14+ distinct attack modules, but most organizations only detect one or two. This guide covers:

    Credential Dumping (LSASS)
    Pass-the-Hash
    Over-Pass-the-Hash
    Pass-the-Ticket
    Golden Ticket
    Silver Ticket
    Kerberoasting
    DCSync
    DCShadow
    Skeleton Key
    SSP Injection
    WDigest Tampering
    Event Log Tampering
    DPAPI Abuse

    "I've spent the better part of two decades hunting threats across enterprise networks. If you implement what's in this guide, you will dramatically improve your ability to catch credential theft before it becomes a breach."

    — James McMurry, CEO & Founder
