Credential Dumping

https://attack.mitre.org/techniques/T1003/

ATT&CK ID: T1003

Description

Adversaries could attempt to extract credentials and account hashes from various areas of the Operating System. Clear-text passwords and hashes can be used by adversaries to perform Lateral Movement in the environment.

Sub Techniques

Last updated 3 years ago

hashtagSub Techniques

hashtagT1003.001: LSASS Memory

hashtagT1003.002: Security Account Manager (SAM)

hashtagT1003.003: NTDS

hashtagT1003.004: LSA Secrets

hashtagT1003.005: Cached Domain Credentials

hashtagT1003.006: DCSync

Sub Techniques

T1003.001: LSASS Memory

T1003.002: Security Account Manager (SAM)

T1003.003: NTDS

T1003.004: LSA Secrets

T1003.005: Cached Domain Credentials

T1003.006: DCSync