What they can do with Mimikatz
Mimikatz is a open source app which is available on GitHub for anyone to download. This naturally includes malicious cybercriminals. They can use this software to steal user passwords if they have access to a computer.
This program was designed to serve as ethical hacking tool. The main goal was to help users recognize potential vulnerabilities and see how they could improve computer security. We already know that we must always keep our systems in good condition and that something fundamental is not to have vulnerabilities that can open the door to attackers.
It is not a new program, far from it. This means that nowadays most antivirus detects it as a threat and automatically cancels the download. This is so as a hacker can use it to collect plain text keys stored in the Windows operating system.
Your mission is scan for passwords, of vulnerabilities that you can use to achieve your goal. Logically this is a major problem in case it falls into the wrong hands and that attacker has access to our team.
But with the passage of time Mimikatz, and the associated code, has been improving. It can even be used from Powershell to steal passwords. Especially on older or unpatched computers, it can be a very dangerous program for our passwords.
With Mimikatz an attacker could carry out different techniques to steal passwords. These are some of the main ones:
How to avoid being a victim of Mimikatz
We have seen that with Mimikatz a hacker could have access to our security keys and put our computers at risk. This means that we must be protected at all times. We must avoid mistakes that could damage our privacy. For this reason we are going to give some tips to avoid being victims of this program.
Keep Windows always up to date
Undoubtedly something very important is to keep the operating system always updated. There are many vulnerabilities that can appear. Many types of flaws that in one way or another could be exploited by hackers. This means that we must install the latest available patches and have everything correctly updated.
Use a good antivirus
Of course we must also have a good antivirus installed. Security programs will prevent the entry of malware, malicious programs, such as Mimakatz. It is something that we must apply to any operating system, but in this case it would be Windows. Luckily we can find many options at our disposal.
Avoid downloading from unsafe sources
One of the ways hackers have to steal information, to sneak threats, is by downloading programs from untrustworthy sources. A cybercriminal could maliciously modify this software and infect the victim’s computer.
Our advice is always download from legitimate sources, official, and that they do not represent any problem for our security.
Check the network frequently
Could there be intruders on our network? This is something that could inevitably make it easier for hackers to steal our passwords. Therefore, we must frequently check our network and see that all connected equipment is legitimate. Otherwise we could have security problems.
Another question that cannot be missed is the common sense. Most attacks will require the interaction of the victim. Attackers are going to need us to make mistakes, like downloading malicious attachments or clicking on a link that is actually Phishing.
What a strong password should look like
Mimikatz is a program that can be used to steal plain text passwords. It is important that we always create reliable, strong keys that meet the appropriate requirements. We are going to give some tips for it.
Something basic is that the password is totally random. We should never use the same key in several places at the same time, since it could produce what is known as a domino effect. You have to use a unique one for each social network, email, etc.
Large amount of characters
A password should not only contain letters or numbers. Ideally, it should contain all kinds of characters. That is, it is important that you have letters (both uppercase and lowercase), numbers, and also other special symbols.
This will make it difficult to be found out. It can protect us from brute force attacks. Each symbol that we put, each additional letter or number, is going to increase security exponentially. Also, the higher the length best.
An example of a good password might be: 4 & -Nu29 &! G8aR7H. As we can see, here we have mixed a large number of different characters. It is interesting that it is totally random, that it is difficult for us to memorize it and that of course it does not contain anything that relates us (such as name, telephone number, etc.). This way we will be able to create a secure key.
Change it periodically
Any password could be guessed at any given moment in case there is a leak. For this reason we also want to recommend change password periodically. This is how we renew security. A social network or any platform we use may suffer a vulnerability, a data leak, and our password is exposed. Hence, it is very interesting to change it frequently and thus reduce the risk.
In short, the password is a very important part of our day-to-day security. We must always generate keys that are strong and complex, following the advice that we have avoided. This way we will also reduce the risk of attacks like Mimikatz and the like.