operator
ChainsTTPsBlogLogin
menu

OS Credential Dumping (T1003)

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information. Several of the tools mentioned in associated sub-techniques may be used by both adversaries and professional security testers. Additional custom tools likely exist as well.

Source: https://github.com/mitre/cti
Related Prelude attack chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Darwin
  • Linux
  • Global
  • Android

Themes

Tags

Licenses

Is my host protected against Crackmapexec?

2023-02-07

/static/assets/windows-logo.svg/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy Crackmapexec to dump SAM and LSA and execute system commands
Is my host protected against Cuba Ransomware?

2022-12-27

/static/assets/windows-logo.svg
Stage and execute Cuba Ransomware.
Can this host mitigate procedures used in LokiBot malware?

2022-08-23

/static/assets/windows-logo.svg
Emulates LokiBot Password Stealer's procedures for credential harvesting.
Conti Privilege Escalation and Persistence

2022-01-25

/static/assets/windows-logo.svg
Use PrintNightmare & ZeroLogon exploits to gain privileges and extract the krbtgt NTLM hash from a DC.
1
About PreludePrelude hardens an organization's defenses by continuously “asking” it questions through the form of safe cyberattacks. These attacks respond immediately to the latest vulnerabilities and cyber events, turning complex technical descriptions into deployable “questions”.Our mission is to increase the reach, frequency and usage of advanced security for all organizations.
twitterFollow @preludeorg on Twitter for new chains and more.
discordJoin the Prelude Discord to discuss chains and more.
githubKeep up to date with code changes and community activity on Github
operator
preludesecurity.comCareersTactics & TechniquesAttack themes
Privacy Policysupport@preludesecurity.com© 2023 Prelude Research, Inc.All rights reserved. Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.