Credential Dumping

ATT&CK ID: T1003


Adversaries could attempt to extract credentials and account hashes from various areas of the Operating System. Clear-text passwords and hashes can be used by adversaries to perform Lateral Movement in the environment.

Sub Techniques

T1003.001: LSASS Memory

pageLSASS Memory

T1003.002: Security Account Manager (SAM)

pageSecurity Account Manager (SAM)

T1003.003: NTDS


T1003.004: LSA Secrets

pageLSA Secrets

T1003.005: Cached Domain Credentials

pageCached Domain Credentials

T1003.006: DCSync


Last updated