Adversaries may exploit software vulnerabilities in an attempt to collect credentials. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Credentialing and authentication mechanisms may be targeted for exploitation by adversaries as a means to gain access to useful credentials or circumvent the process to gain access to systems. One example of this is MS14-068, which targets Kerberos and can be used to forge Kerberos tickets using domain user permissions.(Citation: Technet MS14-068)(Citation: ADSecurity Detecting Forged Tickets) Exploitation for credential access may also result in Privilege Escalation depending on the process targeted or credentials obtained.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| artifact_registry | Artifact Registry | technique_scores | T1212 | Exploitation for Credential Access |
| chronicle | Chronicle | technique_scores | T1212 | Exploitation for Credential Access |
| policy_intelligence | Policy Intelligence | technique_scores | T1212 | Exploitation for Credential Access |
| vmmanager | VMManager | technique_scores | T1212 | Exploitation for Credential Access |
| container_registry | Container Registry | technique_scores | T1212 | Exploitation for Credential Access |