← Back to Explore
T1558.005
Ccache Files
Adversaries may attempt to steal Kerberos tickets stored in credential cache files (or ccache). These files are used for short term storage of a user's active session credentials. The ccache file is created upon user authentication and allows for access to multiple services without the user having to re-enter credentials. The <code>/etc/krb5.conf</code> configuration file and the <code>KRB5CCNAME</code> environment variable are used to set the storage location for ccache entries. On Linux, cr...
LinuxmacOS
3
Detections
1
Sources
0
Threat Actors
BY SOURCE
3elastic
PROCEDURES (3)
Credential1 detections
Auto-extracted: 1 detections for credential
Credential1 detections
Auto-extracted: 1 detections for credential
Dump1 detections
Auto-extracted: 1 detections for dump