T1552Techniquecredential-accessagent-callable

T1552Unsecured Credentials

Platforms: Windows · Azure AD · Office 365 · SaaS · IaaS · Linux · macOS · Google Workspace · Containers · Network

ATT&CK version: 14.1

What it is

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. [Bash History](https://attack.mitre.org/techniques/T1552/003)), operating system or application-specific repositories (e.g. [Credentials in Registry](https://attack.mitre.org/techniques/T1552/002)), or other specialized files/artifacts (e.g. [Private Keys](https://attack.mitre.org/techniques/T1552/004)).

ATT&CK tactics· 1

Credential Access

References

  1. https://attack.mitre.org/techniques/T1552
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.