ATT&CK techniques
212 top-level MITRE ATT&CK Enterprise techniques (T-IDs), grouped by tactic. Filter to a tactic or browse the full kill chain, then click into a technique for sub-techniques and mitigations. Authored by Adam Lundqvist.
19 in Credential Access · 212 total
| ID | Title | Summary |
|---|---|---|
| T1003 | OS Credential Dumping | Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the … |
| T1040 | Network Sniffing | Adversaries may sniff network traffic to capture information about an environment, including authentication material passed over the network. Network sniffing … |
| T1110 | Brute Force | Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained. Without knowledge of the… |
| T1111 | Multi-Factor Authentication Interception | Adversaries may target multi-factor authentication (MFA) mechanisms, (i.e., smart cards, token generators, etc.) to gain access to credentials that can be used… |
| T1167 | Securityd Memory | In OS X prior to El Capitan, users with root access can read plaintext keychain passwords of logged-in users because Apple’s keychain implementation allows the… |
| T1187 | Forced Authentication | Adversaries may gather credential material by invoking or forcing a user to automatically provide authentication information through a mechanism in which they … |
| T1212 | Exploitation for Credential Access | Adversaries may exploit software vulnerabilities in an attempt to collect credentials. Exploitation of a software vulnerability occurs when an adversary takes … |
| T1503 | Credentials from Web Browsers | Adversaries may acquire credentials from web browsers by reading files specific to the target browser. (Citation: Talos Olympic Destroyer 2018) Web browsers… |
| T1522 | Cloud Instance Metadata API | Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data. Most cloud service providers support a Clou… |
| T1528 | Steal Application Access Token | Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources. Application access tokens are used… |
| T1539 | Steal Web Session Cookie | An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user… |
| T1552 | Unsecured Credentials | Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations… |
| T1555 | Credentials from Password Stores | Adversaries may search for common password storage locations to obtain user credentials. Passwords are stored in several places on a system, depending on the o… |
| T1556 | Modify Authentication Process | Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts. The authenticatio… |
| T1557 | Adversary-in-the-Middle | Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on beh… |
| T1558 | Steal or Forge Kerberos Tickets | Adversaries may attempt to subvert Kerberos authentication by stealing or forging Kerberos tickets to enable [Pass the Ticket](https://attack.mitre.org/techniq… |
| T1606 | Forge Web Credentials | Adversaries may forge credential materials that can be used to gain access to web applications or Internet services. Web applications and services (hosted in c… |
| T1621 | Multi-Factor Authentication Request Generation | Adversaries may attempt to bypass multi-factor authentication (MFA) mechanisms and gain access to accounts by generating MFA requests sent to users. Adversari… |
| T1649 | Steal or Forge Authentication Certificates | Adversaries may steal or forge certificates used for authentication to access remote systems or resources. Digital certificates are often used to sign and encr… |