Securityd Memory (T1167)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Securityd Memory

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

View on ATT&CK

Procedure Examples

Description Source(s)
Juuso Salonen. (2012, September 5). Breaking into the OS X keychain. Retrieved July 15, 2017. OS X Keychain
Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. Retrieved July 3, 2017. External to DA, the OS X Way
Marc-Etienne M.Leveille. (2016, July 6). New OSX/Keydnap malware is hungry for credentials. Retrieved July 3, 2017. OSX Keydnap malware