The automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.
A type of malicious code or software intended to harm or compromise the confidentiality, integrity, or availability of a victim's device or data.
Adversaries may attempt to dump credentials to obtain account login and credential material.
Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible.
Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges.
Adversaries may use methods of capturing user input to obtain credentials.
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Adversaries may attempt to find a listing of groups and permission settings.
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Adversaries may use brute force techniques to attempt to gain access to accounts when they do not know the password or when the password is not strong.
Adversaries may target multi-factor authentication (MFA) mechanisms to gain access to credentials.
Adversaries may gather credential material by evoking an authentication process that provides the material.
Adversaries may attempt to obtain the password policy in use to aid in credential guessing.
Adversaries may exploit software vulnerabilities to gain access to credential material.
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.
Adversaries may leverage the resources of co-opted systems in order to solve resource-intensive problems, which may impact system and/or hosted service availability.
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources.
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services on a victim system.
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by a specific event.
Adversaries may circumvent mechanisms designed to control elevation of privileges to gain higher-level permissions.
Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, and application access tokens, to move laterally and bypass access controls.
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Adversaries may search for common password storage locations to obtain user credentials.
Adversaries may modify authentication mechanisms and processes to bypass access controls.
Adversaries may manipulate data on target systems to influence the integrity of information.