The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
View in MITRE ATT&CK®| Technique ID | Technique Name | Number of Mappings | Number of Subtechniques |
|---|---|---|---|
| T1557 | Adversary-in-the-Middle | 24 | 2 |
| T1110 | Brute Force | 14 | 4 |
| T1555 | Credentials from Password Stores | 3 | 4 |
| T1212 | Exploitation for Credential Access | 24 | 0 |
| T1187 | Forced Authentication | 10 | 0 |
| T1606 | Forge Web Credentials | 6 | 2 |
| T1556 | Modify Authentication Process | 16 | 4 |
| T1040 | Network Sniffing | 11 | 0 |
| T1003 | OS Credential Dumping | 22 | 8 |
| T1528 | Steal Application Access Token | 19 | 0 |
| T1539 | Steal Web Session Cookie | 10 | 0 |
| T1558 | Steal or Forge Kerberos Tickets | 19 | 4 |
| T1111 | Two-Factor Authentication Interception | 7 | 0 |
| T1552 | Unsecured Credentials | 33 | 7 |