Forge Web Credentials (T1606)

View on ATT&CK

In Playbook

Technique & Subtechniques

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

View on ATT&CK

Procedure Examples

Description Source(s)
AWS. (n.d.). Requesting temporary security credentials. Retrieved April 1, 2022. AWS Temporary Security Credentials
Chen, Y., Hu, W., Xu, Z., et. al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved October 14, 2019. Unit 42 Mac Crypto Cookies January 2019
Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved September 27, 2024. GitHub AWS-ADFS-Credential-Generator
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 17, 2020. Microsoft SolarWinds Customer Guidance
Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019. Pass The Cookie
Zimbra. (2023, March 16). Preauth. Retrieved May 31, 2023. Zimbra Preauth