Detect technique

D3-CCSA

Credential Compromise Scope Analysis

Definition

Determining which credentials may have been compromised by analyzing the user logon history of a particular system.

Defends against · 19

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| SubTechnique | Make and Impersonate Token (t1134.003) | 100% | live |
| SubTechnique | /etc/passwd and /etc/shadow (t1003.008) | 100% | live |
| SubTechnique | Password Cracking (t1110.002) | 100% | live |
| SubTechnique | Password Spraying (t1110.003) | 100% | live |
| Technique | Steal or Forge Kerberos Tickets (t1558) | 100% | live |
| Technique | Steal Application Access Token (t1528) | 100% | live |
| SubTechnique | Create Process with Token (t1134.002) | 100% | live |
| Technique | Unsecured Credentials (t1552) | 100% | live |
| SubTechnique | Additional Cloud Credentials (t1098.001) | 100% | live |
| SubTechnique | NTDS (t1003.003) | 100% | live |
| SubTechnique | Cached Domain Credentials (t1003.005) | 100% | live |
| Technique | Steal Web Session Cookie (t1539) | 100% | live |
| SubTechnique | Web Cookies (t1606.001) | 100% | live |
| SubTechnique | Token Impersonation/Theft (t1134.001) | 100% | live |
| SubTechnique | Web Session Cookie (t1550.004) | 100% | live |
| SubTechnique | Application Access Token (t1550.001) | 100% | live |
| SubTechnique | Golden Ticket (t1558.001) | 100% | live |
| SubTechnique | Password Guessing (t1110.001) | 100% | live |
| Technique | Forge Web Credentials (t1606) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: Connection Attempt Analysis
Defence: System Call Analysis
Defence: Credential Scrubbing
Defence: Session Duration Analysis
Defence: Identifier Activity Analysis
Defence: Script Execution Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.