T1552 Unsecured Credentials Mappings

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).(Citation: Brining MimiKatz to Unix)

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| amazon_guardduty | Amazon GuardDuty | technique_scores | T1552 | Unsecured Credentials |
| aws_cloudhsm | AWS CloudHSM | technique_scores | T1552 | Unsecured Credentials |
| aws_config | AWS Config | technique_scores | T1552 | Unsecured Credentials |
| aws_iot_device_defender | AWS IoT Device Defender | technique_scores | T1552 | Unsecured Credentials |
| aws_key_management_service | AWS Key Management Service | technique_scores | T1552 | Unsecured Credentials |
| aws_secrets_manager | AWS Secrets Manager | technique_scores | T1552 | Unsecured Credentials |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1552.005 | Cloud Instance Metadata API | 2 |
| T1552.002 | Credentials in Registry | 1 |
| T1552.004 | Private Keys | 4 |
| T1552.001 | Credentials In Files | 5 |
| T1552.007 | Container API | 1 |