Skip to main content
Cyber Defense TacticsCyber Defense Tactics
HomeLearnResourcesBlogCommunity
Cyber Defense TacticsCyber Defense Tactics

Learn defensive security, leverage AI for cyber defense, and join a community of security professionals.

Learning

  • Blog
  • Resources
  • Newsletter

Community

  • Discord
  • YouTube
  • About

Legal

  • Privacy Policy
  • Terms of Service

© 2026 Cyber Defense Tactics. All rights reserved.

A Carbene.AI Project

Back to ATT&CK Hub
T1003

OS Credential Dumping

Credential Access
Featured

Adversaries may attempt to dump credentials to obtain account login and password information, normally in hashed form.

View on MITRE ATT&CK

Real-World Example

Mimikatz is the quintessential tool for dumping credentials from LSASS memory, used by virtually all sophisticated threat actors.

Defense Strategies

  • Credential Guard
  • LSASS protection
  • Restrict debug privileges
  • Monitor for credential dumping tools

Detection Methods

  • Monitor LSASS access
  • Detect Mimikatz signatures
  • Track debug privilege usage
  • Alert on credential manager access

Related Techniques in Credential Access

T1110

Brute Force

Ready to explore more techniques and join the community?