Credential Dumping

https://attack.mitre.org/techniques/T1003/

ATT&CK ID: T1003

Description

Adversaries could attempt to extract credentials and account hashes from various areas of the Operating System. Clear-text passwords and hashes can be used by adversaries to perform Lateral Movement in the environment.

Sub Techniques

T1003.001: LSASS Memory

LSASS Memory

T1003.002: Security Account Manager (SAM)

Security Account Manager (SAM)

T1003.003: NTDS

NTDS

T1003.004: LSA Secrets

LSA Secrets

T1003.005: Cached Domain Credentials

Cached Domain Credentials

T1003.006: DCSync

DCSync