V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
← Back to List
T1552Enterprise
Matrix: Enterprise
Status: Active
STIX: 19.0
Source ↗

Unsecured Credentials

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Shell History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

Tactics

Credential Access

Sub-techniques

T1552.001
Credentials In Files
T1552.002
Credentials in Registry
T1552.003
Shell History
T1552.004
Private Keys
T1552.005
Cloud Instance Metadata API
T1552.006
Group Policy Preferences
T1552.007
Container API
T1552.008
Chat Messages

Platforms

WindowsSaaSIaaSLinuxmacOSContainersNetwork DevicesOffice SuiteIdentity Provider

Mitigations

M1015
Active Directory Configuration
M1017
User Training
M1022
Restrict File and Directory Permissions
M1026
Privileged Account Management
M1027
Password Policies
M1028
Operating System Configuration
M1035
Limit Access to Resource Over Network
M1037
Filter Network Traffic
M1041
Encrypt Sensitive Information
M1047
Audit
M1051
Update Software
Open in catalog with ATT&CK filter →

Related CAPECs

Affected vulnerabilities (Inferred)

View on attack.mitre.org ↗
No matches — refine the filter to see a result.