Authentication Package (T1131)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Authentication Package

Associated Tactics

  • Persistence

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017. MSDN Authentication Packages
Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved March 1, 2017. Graeber 2014
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015. Microsoft Configure LSA