Credential dumping

Definition

Extraction of authentication credentials from operating system memory, the Windows SAM database, Active Directory, or credential stores. Tools such as Mimikatz target the LSASS process. Dumped credentials allow attackers to authenticate as other users without knowing their passwords in plaintext.

Related terms

Lateral movement
Attacker activity after initial compromise in which the threat actor traverses from one internal system to another, typically to escalate privileges, access...
Living-off-the-land (LotL)
An attack approach where the adversary uses tools and binaries already present on the target system, such as PowerShell, WMI, certutil, or...
MITRE ATT&CK
A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
Tactic
The adversary's high-level objective at a given stage of the attack: for example, Initial Access, Execution, Persistence, Privilege Escalation, or Exfiltration. ATT&CK...
Technique
A specific method an adversary uses to achieve a tactic. Each technique has a unique identifier such as T1059 (Command and Scripting...