Credential Dumping
https://attack.mitre.org/techniques/T1003/
ATT&CK ID: T1003
Description
Adversaries could attempt to extract credentials and account hashes from various areas of the operating system. They can then use the clear-text passwords and hashes to perform Lateral Movement in the environment.
Sub Techniques
T1003.001: LSASS Memory
T1003.002: Security Account Manager (SAM)
T1003.003: NTDS
T1003.004: LSA Secrets
T1003.005: Cached Domain Credentials
T1003.006: DCSync