Exploitation for Credential Access (T1212)

Technique & Subtechniques

  • Exploitation for Credential Access

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

Procedure Examples

Description Source(s)
Bugcrowd. (n.d.). Replay Attack. Retrieved September 27, 2023. Bugcrowd Replay Attack
Justin Schamotta. (2022, October 28). What is a replay attack? Retrieved September 27, 2023. Comparitech Replay Attack
Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015. ADSecurity Detecting Forged Tickets
Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved September 18, 2023. Storm-0558 techniques for unauthorized email access
Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. Retrieved September 12, 2024. Microsoft Midnight Blizzard Replay Attack
Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). Retrieved December 23, 2015. Technet MS14-068