PromptRiskDB: Threat intelligence atlas
ATT&CK AI Context

T1003 - OS Credential Dumping

Record summary

A quick snapshot of what this page covers.

Records: 1 (Records included in this view.)
Source: Public (Built from public source data.)
Mode: Static (Prepared as a ready-to-read page.)

ATT&CK object

The broader cybersecurity technique connected to these AI records.

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password. Credentials can be obtained from OS caches, memory, or structures. (Citation: Brining MimiKatz to Unix) Credentials can then be used to perform Lateral Movement and access restricted information.

Several of the tools mentioned in associated sub-techniques may be used by both adversaries and professional security testers. Additional custom tools likely exist as well.

ATT&CK ID: T1003
STIX ID: attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22
Name: OS Credential Dumping
Connected AI records: 1

Connected AI records

AI security records connected to this cybersecurity technique.

Source

Where this page information comes from.