T1552

Windows SaaS IaaS Linux macOS Containers Network Devices Office Suite Identity Provider
Unsecured Credentials

Description

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Shell History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

Sub-techniques

T1552.001 — Credentials In Files T1552.002 — Credentials in Registry T1552.003 — Shell History T1552.004 — Private Keys T1552.005 — Cloud Instance Metadata API T1552.006 — Group Policy Preferences T1552.007 — Container API T1552.008 — Chat Messages