I had never heard of Mimikatz until one week ago when Tim Medin from SANS came to Tokyo and gave a demonstration of how easy it is to pull plaintext passwords from RAM on a Windows box:
The Mimikatz kerberos command set enables modification of Kerberos tickets and interacts with the official Microsoft Kerberos API. This is the command that creates Golden Tickets. Pass the ticket is also possible with this command since it can inject Kerberos ticket(s) (TGT or TGS) into the current session. External Kerberos tools may be used for session injection, but they must follow the Kerberos credential format (KRB_CRED). Mimikatz kerberos also enables the creation of Silver Tickets which are Kerberos tickets (TGT or TGS) with arbitrary data enabling AD user/ group
Crypto enables export of certificates on the system that are not marked exportable since it bypasses the standard export process.
Vault enables dumping data from the Windows vault.
Lsadump enables dumping credential data from the Security Account Manager (SAM) database which contains the NTLM (sometimes LM hash) and supports online and offline mode as well as dumping credential data from the LSASS process in memory. Lsadump can also be used to dump cached credentials. In a Windows domain, credentials are cached (up to 10) in case a Domain Controller is unavailable for authentication. However, these credentials are stored on the computer.
This is a really powerful tool for demonstrating to prospective clients the importance of having a nuanced cyber security strategy.