Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| cloud_hardware_security_module_(hsm) | Cloud Hardware Security Module (HSM) | technique_scores | T1552 | Unsecured Credentials |
| actifio_go | Actifio Go | technique_scores | T1552 | Unsecured Credentials |
| cloud_key_management | Cloud Key Management | technique_scores | T1552 | Unsecured Credentials |
| chronicle | Chronicle | technique_scores | T1552 | Unsecured Credentials |
| secret_manager | Secret Manager | technique_scores | T1552 | Unsecured Credentials |
| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1552.005 | Cloud Instance Metadata API | 1 |
| T1552.007 | Container API | 3 |
| T1552.001 | Credentials In Files | 2 |
| T1552.004 | Private Keys | 2 |