Data from Local System
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration. Adversaries may do this using a [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059), such as [cmd](https://attack.mitre.org/software/S0106) as well as a [Network Device CLI](https://attack.mitre.org/techniques/T1059/008), which have functionality to interac...
BY SOURCE
PROCEDURES (33)
Auto-extracted: 3 detections for credential
Auto-extracted: 3 detections for general monitoring
Auto-extracted: 3 detections for process creation monitoring
Auto-extracted: 2 detections for dump
Auto-extracted: 2 detections for credential
Auto-extracted: 2 detections for suspicious
Auto-extracted: 2 detections for remote
Auto-extracted: 2 detections for saml
Auto-extracted: 2 detections for container
Auto-extracted: 2 detections for c2
Auto-extracted: 1 detections for lateral
Auto-extracted: 1 detections for encrypt
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for container
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for container
Auto-extracted: 1 detections for kubernetes
Auto-extracted: 1 detections for download
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for dump
Auto-extracted: 1 detections for http
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for startup
Auto-extracted: 1 detections for startup
Auto-extracted: 1 detections for lateral
Auto-extracted: 1 detections for encrypt
Auto-extracted: 1 detections for powershell
Auto-extracted: 1 detections for powershell
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for kernel monitoring