Credential Dumping
https://attack.mitre.org/techniques/T1003/
ATT&CK ID: T1003
Description
Adversaries could attempt to extract credentials and account hashes from various areas of the Operating System. Clear-text passwords and hashes can be used by adversaries to perform Lateral Movement in the environment.
Sub Techniques
T1003.001: LSASS Memory
LSASS MemoryT1003.002: Security Account Manager (SAM)
Security Account Manager (SAM)T1003.003: NTDS
NTDST1003.004: LSA Secrets
LSA SecretsT1003.005: Cached Domain Credentials
Cached Domain CredentialsT1003.006: DCSync
DCSyncLast updated