T1003

OS Credential Dumping

Credential Access

Adversaries may attempt to dump credentials to obtain account login and password information, normally in hashed form.

Real-World Example

Mimikatz is the quintessential tool for dumping credentials from LSASS memory, used by virtually all sophisticated threat actors.

Defense Strategies

  • Credential Guard
  • LSASS protection
  • Restrict debug privileges
  • Monitor for credential dumping tools

Detection Methods

  • Monitor LSASS access
  • Detect Mimikatz signatures
  • Track debug privilege usage
  • Alert on credential manager access
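
An added example (not part of the original page) of the "Monitor LSASS access" method: it filters records that use Sysmon Event ID 10 (ProcessAccess) field names for handles to lsass.exe that carry PROCESS_VM_READ. The allowlisted agent path and every sample event are constructed for illustration.

```python
# Windows process access rights (documented constants).
ACCESS_RIGHTS = {
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PROCESS_VM_READ = 0x0010

# Hypothetical allowlist: replace with the security agents actually deployed.
ALLOWED_SOURCES = {r"c:\program files\exampleedr\agent.exe"}

# Constructed sample events using Sysmon Event ID 10 field names.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\ExampleEDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\unknown.exe",
     "TargetImage": r"C:\Windows\system32\LSASS.EXE", "GrantedAccess": "0x1FFFFF"},
]

def decode_rights(mask):
    """Return the names of the known access rights set in mask."""
    return [name for bit, name in sorted(ACCESS_RIGHTS.items()) if mask & bit]

def suspicious_lsass_access(events):
    """Return alerts for memory-read handles to lsass.exe from unlisted sources."""
    alerts = []
    for ev in events:
        is_lsass = ev["TargetImage"].lower().endswith(r"\system32\lsass.exe")
        if ev.get("EventID") != 10 or not is_lsass:
            continue
        mask = int(ev["GrantedAccess"], 16)
        # Query-only handles cannot read memory; allowlisted agents are expected.
        if not mask & PROCESS_VM_READ or ev["SourceImage"].lower() in ALLOWED_SOURCES:
            continue
        alerts.append({"source": ev["SourceImage"], "mask": hex(mask),
                       "rights": decode_rights(mask)})
    return alerts

if __name__ == "__main__":
    for alert in suspicious_lsass_access(SAMPLE_EVENTS):
        print(alert)
```

An allowlist keyed on image path alone can be satisfied by a renamed or replaced binary, so production rules usually pair it with signer or hash checks.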
