EXPLORE
Sign In
← Back to Explore
T1212

Exploitation for Credential Access

Adversaries may exploit software vulnerabilities in an attempt to collect credentials. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code.  Credentialing and authentication mechanisms may be targeted for exploitation by adversaries as a means to gain access to useful credentials or circumvent the process to gain authenticated ...

LinuxWindowsmacOSIdentity Provider
9
Detections
3
Sources
1
Threat Actors

BY SOURCE

4sigma3elastic2splunk_escu

PROCEDURES (7)

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Kubernetes2 detections

Auto-extracted: 2 detections for kubernetes

Credential1 detections

Auto-extracted: 1 detections for credential

Service1 detections

Auto-extracted: 1 detections for service

Service1 detections

Auto-extracted: 1 detections for service

Credential1 detections

Auto-extracted: 1 detections for credential

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

THREAT ACTORS (1)

UNC3886

DETECTIONS (9)

Audit CVE Event
sigmacritical
Guacamole Two Users Sharing Session Anomaly
sigmahigh
Kerberos Manipulation
sigmahigh
Kubernetes Nginx Ingress LFI
splunk_escu
Kubernetes Nginx Ingress RFI
splunk_escu
Manual Memory Dumping via Proc Filesystem
elastichigh
Potential Linux Credential Dumping via Proc Filesystem
elastichigh
Potential Local NTLM Relay via HTTP
elastichigh
Suspicious NTLM Authentication on the Printer Spooler Service
sigmahigh