Password Filter DLL (T1174)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Password Filter DLL

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

View on ATT&CK

Procedure Examples

Description Source(s)
Fuller, R. (2013, September 11). Stealing passwords every time they change. Retrieved November 21, 2017. Carnal Ownage Password Filters Sept 2013
Bialek, J. (2013, September 15). Intercepting Password Changes With Function Hooking. Retrieved November 21, 2017. Clymb3r Function Hook Passwords Sept 2013