Mimikatz"A little tool to play with Windows security."
Mimikatz is a Windows post-exploitation tool written by Benjamin Delpy (@gentilkiwi). It allows for the extraction of plaintext credentials from memory, password hashes from local SAM/NTDS.dit databases, advanced Kerberos functionality, and more.
The Mimikatz codebase is located at https://github.com/gentilkiwi/mimikatz/, and there is also an expanded wiki at https://github.com/gentilkiwi/mimikatz/wiki . Empire uses an adapted version of PowerSploit’s Invoke-Mimikatz function written by Jospeh Bialek to execute Mimikatz functionality in straight PowerShell without touching disk.