Credentials in Files (T1081)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Credentials in Files

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

View on ATT&CK

Procedure Examples

Description Source(s)
capec
CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. Retrieved November 12, 2014. CG 2014
Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015. SRD GPP
Maddalena, C.. (2018, September 12). Head in the Clouds. Retrieved October 4, 2019. Specter Ops - Cloud Credential Storage