EXPLORE

← Back to Explore

T1212

Exploitation for Credential Access

Adversaries may exploit software vulnerabilities in an attempt to collect credentials. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Credentialing and authentication mechanisms may be targeted for exploitation by adversaries as a means to gain access to useful credentials or circumvent the process to gain authenticated ...

LinuxWindowsmacOSIdentity Provider

11

Detections

3

Sources

1

Threat Actors

BY SOURCE

4elastic4sigma3splunk_escu

PROCEDURES (7)

General Monitoring3 detections

Auto-extracted: 3 detections for general monitoring

Privilege2 detections

Auto-extracted: 2 detections for privilege

Credential1 detections

Auto-extracted: 1 detections for credential

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Credential1 detections

Auto-extracted: 1 detections for credential

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

THREAT ACTORS (1)

DETECTIONS (11)

Audit CVE Event

Guacamole Two Users Sharing Session Anomaly

Kerberos Manipulation

Kubernetes Nginx Ingress LFI

Kubernetes Nginx Ingress RFI

Manual Memory Dumping via Proc Filesystem

Potential Linux Credential Dumping via Proc Filesystem

Potential Local NTLM Relay via HTTP

Segfault from Sensitive Process Detected

Suspicious NTLM Authentication on the Printer Spooler Service

Windows ConvertTo-AADIntBackdoor Execution Via PowerShell Script