T1555.001
Keychain
Adversaries may acquire credentials from Keychain. Keychain (or Keychain Services) is the macOS credential management system that stores account names, passwords, private keys, certificates, sensitive application data, payment data, and secure notes. There are three types of Keychains: Login Keychain, System Keychain, and Local Items (iCloud) Keychain. The default Keychain is the Login Keychain, which stores user passwords and information. The System Keychain stores items accessed by the operati...
macOS
6 Detections
2 Sources
1 Threat Actors
BY SOURCE
5 elastic, 1 sigma
PROCEDURES (4)
Service: 3 detections
Auto-extracted: 3 detections for service
Dump: 1 detection
Auto-extracted: 1 detection for dump
Dump: 1 detection
Auto-extracted: 1 detection for dump
Kerbero: 1 detection
Auto-extracted: 1 detection for kerbero
THREAT ACTORS (1)
DETECTIONS (6)
Credentials from Password Stores - Keychain
sigma, medium
Dumping of Keychain Content via Security Command
elastic, high
First Time Python Accessed Sensitive Credential Files
elastic, medium
Keychain CommandLine Interaction via Unsigned or Untrusted Process
elastic, high
Keychain Password Retrieval via Command Line
elastic, high
SystemKey Access via Command Line
elastic, high