TA0006 ATT&CK 14.1
TA0006 Credential Access
Description
The adversary is trying to steal account names and passwords.
Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
Techniques in this tactic · 19
T1003 OS Credential Dumping
T1040 Network Sniffing
T1056 Input Capture
T1110 Brute Force
T1111 Multi-Factor Authentication Interception
T1167 Securityd Memory
T1187 Forced Authentication
T1212 Exploitation for Credential Access
T1503 Credentials from Web Browsers
T1522 Cloud Instance Metadata API
T1528 Steal Application Access Token
T1539 Steal Web Session Cookie
T1552 Unsecured Credentials
T1555 Credentials from Password Stores
T1556 Modify Authentication Process
T1557 Adversary-in-the-Middle
T1558 Steal or Forge Kerberos Tickets
T1606 Forge Web Credentials
T1621 Multi-Factor Authentication Request Generation
Sub-techniques in this tactic · 47
T1003.001, T1003.002, T1003.003, T1003.004, T1003.005, T1003.006, T1003.007, T1003.008
T1056.001, T1056.002, T1056.003, T1056.004
T1110.001, T1110.002, T1110.003, T1110.004
T1552.001, T1552.002, T1552.003, T1552.004, T1552.005, T1552.006, T1552.007, T1552.008
T1555.001, T1555.002, T1555.003, T1555.004, T1555.005, T1555.006
T1556.001, T1556.002, T1556.003, T1556.004, T1556.005, T1556.006, T1556.007, T1556.008
T1557.001, T1557.002
+7 more