Detecting Mimikatz in Lateral Movements Using Mutex

El-Hadidi M.G.
Azer M.A.

An Advanced Persistent Threat (APT) is a stealthy computer network attack. Its threat lies in the fact that unauthorized access to a network is gained and the attackers, whether a person or a group, may remain undetected for an extended period. An APT group can spread through the network and gain access to the most valuable assets in the targeted organization. Depending on the tools an APT group uses, responding to the group and its tools can be hard and complex. Mimikatz is one of the most powerful tools used by many APT groups, penetration testers and malware. In this paper, we focus on lateral movement and on the detection of Mimikatz used by APTs. The main objective is an increased accuracy level while reducing the detection time for any Mimikatz version within networks, using a Mutex object. © 2020 IEEE.