Unsecured Credentials (T1552)

Tactic: Credential Access · Platforms: Windows, SaaS, IaaS, Linux, macOS, Containers, Network Devices, Office Suite, Identity Provider

The interactive view maps 1 detection strategy, 11 mitigations, 1 threat group, 4 software entries, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.

Overview

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Shell History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

Sub-techniques

Explore