How to Detect and Defeat Mimikatz
17 production-ready detections with working KQL and OpenSearch queries, each mapped to MITRE ATT&CK — covering the full attack surface most teams miss.
By James McMurry, CEO & Founder, ThreatHunter.ai
What's Inside
17 Working Detections
Production-ready KQL and OpenSearch queries you can deploy today. No theory — real queries for real threats.
MITRE ATT&CK Mapped
Every detection mapped to specific MITRE ATT&CK techniques for compliance reporting and gap analysis.
14+ Attack Modules Covered
Most teams detect one or two Mimikatz modules. This guide covers the full attack surface.
Logging & Hardening Included
Prerequisites, prevention hardening, and a hunting cadence to keep your detections working.
Full Attack Surface Coverage
Mimikatz has 14+ distinct attack modules, but most organizations only detect one or two. This guide covers:
"I've spent the better part of two decades hunting threats across enterprise networks. If you implement what's in this guide, you will dramatically improve your ability to catch credential theft before it becomes a breach."
— James McMurry, CEO & Founder
Get the Free Guide