Unsecured Credentials (T1552)
Tactic: Credential Access · Platforms: Windows, SaaS, IaaS, Linux, macOS, Containers, Network Devices, Office Suite, Identity Provider
The interactive view maps 1 detection strategy, 11 mitigations, 1 threat group, 4 software entries, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Shell History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).
Sub-techniques
- Credentials In Files (T1552.001)
- Credentials in Registry (T1552.002)
- Shell History (T1552.003)
- Private Keys (T1552.004)
- Cloud Instance Metadata API (T1552.005)
- Group Policy Preferences (T1552.006)
- Container API (T1552.007)
- Chat Messages (T1552.008)