Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).
View in MITRE ATT&CK®Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1552.003 | Bash History | 4 |
T1552.005 | Cloud Instance Metadata API | 13 |
T1552.001 | Credentials In Files | 21 |
T1552.002 | Credentials in Registry | 18 |
T1552.006 | Group Policy Preferences | 14 |
T1552.004 | Private Keys | 24 |