Mimikatz (tooling)
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
4 syscalls cited
- NtOpenProcessToken
Opens the access token associated with a process and returns a handle to it.
- NtAdjustPrivilegesToken
Enables or disables privileges in a specified access token.
- NtQueryInformationToken
Retrieves a specified class of information about an access token.
- NtDuplicateToken
Creates a new access token that duplicates an existing token, optionally changing its type and impersonation level.