T1552
Unsecured Credentials
Credential Access
Description
Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. [Shell History](https://attack.mitre.org/techniques/T1552/003)), operating system or application-specific repositories (e.g. [Credentials in Registry](https://attack.mitre.org/techniques/T1552/002)), or other specialized files/artifacts (e.g. [Private Keys](https://attack.mitre.org/techniques/T1552/004)).(Citation: Brining MimiKatz to Unix)
Platforms
Windows, SaaS, IaaS, Linux, macOS, Containers, Network Devices, Office Suite, Identity Provider
Mitigations
- M1041 — Encrypt Sensitive Information
- M1051 — Update Software
- M1017 — User Training
- M1015 — Active Directory Configuration
- M1027 — Password Policies
- M1028 — Operating System Configuration
- M1037 — Filter Network Traffic
- M1022 — Restrict File and Directory Permissions
- M1035 — Limit Access to Resource Over Network
- M1047 — Audit
- M1026 — Privileged Account Management
Our coverage
- UAT-8302 China APT Malware Analysis: Shared Implants, IOCs, and Detection Rules
- Ruby Gem Supply Chain Attack Detection: CI Checklist for Sleeper Packages
- DEEP#DOOR Python Backdoor Detection: YARA Rules, Network IOCs, and Credential Theft Defences
Source: MITRE ATT&CK Enterprise matrix.