The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

Technique ID | Technique Name | Number of Mappings | Number of Subtechniques |
---|---|---|---|
T1557 | Adversary-in-the-Middle | 54 | 4 |
T1003 | OS Credential Dumping | 41 | 8 |
T1539 | Steal Web Session Cookie | 24 | 0 |
T1040 | Network Sniffing | 41 | 0 |
T1558 | Steal or Forge Kerberos Tickets | 34 | 5 |
T1555 | Credentials from Password Stores | 25 | 6 |
T1552 | Unsecured Credentials | 66 | 8 |
T1649 | Steal or Forge Authentication Certificates | 11 | 0 |
T1528 | Steal Application Access Token | 32 | 0 |
T1606 | Forge Web Credentials | 18 | 2 |
T1621 | Multi-Factor Authentication Request Generation | 13 | 0 |
T1212 | Exploitation for Credential Access | 55 | 0 |
T1110 | Brute Force | 47 | 4 |
T1187 | Forced Authentication | 21 | 0 |
T1056 | Input Capture | 5 | 4 |
T1111 | Multi-Factor Authentication Interception | 12 | 0 |
T1556 | Modify Authentication Process | 40 | 9 |