Mimikatz is an open-source tool capable of extracting plaintext passwords, Kerberos tickets, and NTLM hashes from Windows system memory. Attackers use it after gaining initial access to dump credentials (credential dumping) and then move laterally through a network. It is one of the most commonly used post-exploitation tools. Defenses include enabling Credential Guard in Windows, disabling WDigest authentication, and restricting debug privileges (SeDebugPrivilege). In penetration tests, Mimikatz regularly appears as evidence of insufficient credential protection.
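The three defenses named above can be checked on a host with a short audit. The following PowerShell is an added example, not part of the original entry; the function name `Get-CredentialHardeningStatus` is hypothetical, and the script assumes it is run locally from an elevated prompt.

```powershell
# Added example: audit WDigest, Credential Guard and SeDebugPrivilege on the local host.
# Run from an elevated PowerShell prompt (secedit needs administrator rights).

function Get-CredentialHardeningStatus {
    $result = [ordered]@{}

    # 1. WDigest: UseLogonCredential = 1 keeps plaintext credentials in LSASS memory.
    #    A missing value means the OS default applies (off on Windows 8.1 /
    #    Server 2012 R2 and later).
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $wdigest = Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue
    $result.WDigestPlaintextCaching = if ($wdigest -and $wdigest.UseLogonCredential -eq 1) {
        'ENABLED (weak)'
    } else {
        'disabled or default'
    }

    # 2. Credential Guard: the value 1 in SecurityServicesRunning means it is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $result.CredentialGuardRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    # 3. SeDebugPrivilege: export the user-rights policy and list the SIDs that hold it.
    #    The built-in Administrators group appears as S-1-5-32-544.
    $tmp = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
        $line = Select-String -Path $tmp -Pattern '^SeDebugPrivilege\s*=' | Select-Object -First 1
        $result.SeDebugPrivilegeHolders = if ($line) {
            ($line.Line -split '=', 2)[1].Trim() -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') }
        } else {
            @()   # no explicit assignment found in the exported policy
        }
    } finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }

    [pscustomobject]$result
}

Get-CredentialHardeningStatus | Format-List
```

Any SID in `SeDebugPrivilegeHolders` beyond the accounts that genuinely need to debug other processes is a candidate for removal through Group Policy.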