OS Credential Dumping (T1003)
See technique results for:

Carbanak+FIN7
Steps: 4.B.7, 15.A.6

APT29
Steps: 6.C.1, 14.B.4, 16.D.2

APT3
Steps: 5.A.1.1, 5.A.2.1
Procedure
Cobalt Strike: Built-in Mimikatz credential dump capability executed
Footnotes
- Vendor stated the Exploit Guard audit events demonstrate that execution would have been prevented if Attack Surface Reduction (ASR) was enabled in blocking mode. Vendor stated that Credential Guard can also mitigate this attack if enabled.
Procedure
Cobalt Strike: Built-in hash dump capability executed
Footnotes
- Vendor stated the Exploit Guard audit events demonstrate that execution would have been prevented if Attack Surface Reduction (ASR) was enabled in blocking mode. Vendor stated that Credential Guard can also mitigate this attack if enabled.