OS Credential Dumping
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password. Credentials can be obtained from OS caches, memory, or structures.(Citation: Brining MimiKatz to Unix) Credentials can then be used to perform [Lateral Movement](https://attack.mitre.org/tactics/TA0008) and access restricted information. Several of the tools mentioned in associated sub-techniques may be used by both adversaries and professional se...