Mimikatz

The mimikatz command requires a privileged process (high integrity) to run its commands. Badgers can load mimikatz’s reflective DLL module to perform all of the mimikatz commands in memory. The below example shows the password dumping technique from mimikatz

Make note that if you want to run subcommands of a module within mimikatz, each submodule has to be in double quotes. The mimikatz module is an exact replica of the mimikatz from benjamin delphi’s repository and is updated every 3 months. Another example of subcommand would be as follows: mimikatz “lsadump::dcsync /domain:bruteratel.corp /user:vendetta”