Unsecured Credentials

https://attack.mitre.org/techniques/T1552/

ATT&CK ID: T1552

Description

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

Sub Techniques

T1552:001: Credentials in Files

pageCredentials In Files

T1552:002: Credentials in Registry

pageCredentials in Registry

T1552:006: Group Policy preferences

pageGroup Policy Preferences