Skip to content

Hide Navigation Hide TOC

Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26)

Use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.

Cluster A Galaxy A Cluster B Galaxy B Level
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action 1
Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) Attack Pattern 1
Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) Attack Pattern 1
Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action 1
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action 1
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action 1
Credential Access Protection - M1043 (49c06d54-9002-491d-9147-8efb537fbd26) Course of Action OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) Attack Pattern Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern 2